Lookup for vulnerable packages by Package URL.

Purl pkg:composer/ec-cube/ec-cube@4.0.5
Type composer
Namespace ec-cube
Name ec-cube
Version 4.0.5
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-1wk3-yxkq-j7en
vulnerability_id VCID-1wk3-yxkq-j7en
summary
EC-CUBE Directory traversal vulnerability
Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure information.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-40199
reference_id
reference_type
scores
0
value 0.0024
scoring_system epss
scoring_elements 0.47544
published_at 2026-06-05T12:55:00Z
1
value 0.0024
scoring_system epss
scoring_elements 0.4748
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-40199
1
reference_url https://github.com/EC-CUBE/ec-cube
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/EC-CUBE/ec-cube
2
reference_url https://jvn.jp/en/jp/JVN21213852/index.html
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T18:22:17Z/
url https://jvn.jp/en/jp/JVN21213852/index.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-40199
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-40199
4
reference_url https://www.ec-cube.net/info/weakness/20220909
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.ec-cube.net/info/weakness/20220909
5
reference_url https://www.ec-cube.net/info/weakness/20220909/
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T18:22:17Z/
url https://www.ec-cube.net/info/weakness/20220909/
6
reference_url https://github.com/advisories/GHSA-wjpv-frf2-3r58
reference_id GHSA-wjpv-frf2-3r58
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wjpv-frf2-3r58
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@4.1.2-p1
purl pkg:composer/ec-cube/ec-cube@4.1.2-p1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wk3-yxkq-j7en
1
vulnerability VCID-f13c-wzhp-cqap
2
vulnerability VCID-f7xa-d46p-67aq
3
vulnerability VCID-fuus-wqhf-s3be
4
vulnerability VCID-he32-4cf1-akf5
5
vulnerability VCID-kgjm-uhbj-gffx
6
vulnerability VCID-tf8y-9k9g-jbct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.1.2-p1
1
url pkg:composer/ec-cube/ec-cube@4.2.0-alpha
purl pkg:composer/ec-cube/ec-cube@4.2.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tf8y-9k9g-jbct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.2.0-alpha
aliases CVE-2022-40199, GHSA-wjpv-frf2-3r58
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1wk3-yxkq-j7en
1
url VCID-f13c-wzhp-cqap
vulnerability_id VCID-f13c-wzhp-cqap
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25077
reference_id
reference_type
scores
0
value 0.00228
scoring_system epss
scoring_elements 0.45654
published_at 2026-06-04T12:55:00Z
1
value 0.00228
scoring_system epss
scoring_elements 0.45723
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25077
1
reference_url https://jvn.jp/en/jp/JVN04785663/
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:59:18Z/
url https://jvn.jp/en/jp/JVN04785663/
2
reference_url https://www.ec-cube.net/info/weakness/20230214/
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:59:18Z/
url https://www.ec-cube.net/info/weakness/20230214/
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25077
reference_id CVE-2023-25077
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-25077
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@4.0.6-p1
purl pkg:composer/ec-cube/ec-cube@4.0.6-p1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wk3-yxkq-j7en
1
vulnerability VCID-f13c-wzhp-cqap
2
vulnerability VCID-f7xa-d46p-67aq
3
vulnerability VCID-fuus-wqhf-s3be
4
vulnerability VCID-he32-4cf1-akf5
5
vulnerability VCID-kgjm-uhbj-gffx
6
vulnerability VCID-mr5c-68tz-nfbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.0.6-p1
1
url pkg:composer/ec-cube/ec-cube@4.1-beta
purl pkg:composer/ec-cube/ec-cube@4.1-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wk3-yxkq-j7en
1
vulnerability VCID-f7xa-d46p-67aq
2
vulnerability VCID-mr5c-68tz-nfbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.1-beta
2
url pkg:composer/ec-cube/ec-cube@4.1.2-p1
purl pkg:composer/ec-cube/ec-cube@4.1.2-p1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wk3-yxkq-j7en
1
vulnerability VCID-f13c-wzhp-cqap
2
vulnerability VCID-f7xa-d46p-67aq
3
vulnerability VCID-fuus-wqhf-s3be
4
vulnerability VCID-he32-4cf1-akf5
5
vulnerability VCID-kgjm-uhbj-gffx
6
vulnerability VCID-tf8y-9k9g-jbct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.1.2-p1
3
url pkg:composer/ec-cube/ec-cube@4.2.0-alpha
purl pkg:composer/ec-cube/ec-cube@4.2.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tf8y-9k9g-jbct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.2.0-alpha
4
url pkg:composer/ec-cube/ec-cube@4.2.1
purl pkg:composer/ec-cube/ec-cube@4.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fuus-wqhf-s3be
1
vulnerability VCID-tf8y-9k9g-jbct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.2.1
aliases CVE-2023-25077
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f13c-wzhp-cqap
2
url VCID-f7xa-d46p-67aq
vulnerability_id VCID-f7xa-d46p-67aq
summary
EC-CUBE DOM-based cross-site scripting vulnerability
DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject an arbitrary script by having an administrative user of the product visit a specially crafted page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-38975
reference_id
reference_type
scores
0
value 0.00217
scoring_system epss
scoring_elements 0.44252
published_at 2026-06-04T12:55:00Z
1
value 0.00217
scoring_system epss
scoring_elements 0.4432
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-38975
1
reference_url https://github.com/EC-CUBE/ec-cube
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/EC-CUBE/ec-cube
2
reference_url https://jvn.jp/en/jp/JVN21213852/index.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-21T18:23:58Z/
url https://jvn.jp/en/jp/JVN21213852/index.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-38975
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-38975
4
reference_url https://www.ec-cube.net/info/weakness/20220909
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ec-cube.net/info/weakness/20220909
5
reference_url https://www.ec-cube.net/info/weakness/20220909/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-21T18:23:58Z/
url https://www.ec-cube.net/info/weakness/20220909/
6
reference_url https://github.com/advisories/GHSA-pggw-rqfm-72rh
reference_id GHSA-pggw-rqfm-72rh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pggw-rqfm-72rh
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@4.1.2-p1
purl pkg:composer/ec-cube/ec-cube@4.1.2-p1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wk3-yxkq-j7en
1
vulnerability VCID-f13c-wzhp-cqap
2
vulnerability VCID-f7xa-d46p-67aq
3
vulnerability VCID-fuus-wqhf-s3be
4
vulnerability VCID-he32-4cf1-akf5
5
vulnerability VCID-kgjm-uhbj-gffx
6
vulnerability VCID-tf8y-9k9g-jbct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.1.2-p1
1
url pkg:composer/ec-cube/ec-cube@4.2.0-alpha
purl pkg:composer/ec-cube/ec-cube@4.2.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tf8y-9k9g-jbct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.2.0-alpha
aliases CVE-2022-38975, GHSA-pggw-rqfm-72rh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f7xa-d46p-67aq
3
url VCID-fuus-wqhf-s3be
vulnerability_id VCID-fuus-wqhf-s3be
summary
Improper Control of Generation of Code ('Code Injection')
EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. As a result, arbitrary code may be executed on the server where the product is running by a user with an administrative privilege.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46845
reference_id
reference_type
scores
0
value 0.01296
scoring_system epss
scoring_elements 0.80063
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46845
1
reference_url https://jvn.jp/en/jp/JVN29195731/
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-04T20:27:53Z/
url https://jvn.jp/en/jp/JVN29195731/
2
reference_url https://www.ec-cube.net/info/weakness/20231026/index_3.php
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-04T20:27:53Z/
url https://www.ec-cube.net/info/weakness/20231026/index_3.php
3
reference_url https://www.ec-cube.net/info/weakness/20231026/index_40.php
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-04T20:27:53Z/
url https://www.ec-cube.net/info/weakness/20231026/index_40.php
4
reference_url https://www.ec-cube.net/info/weakness/20231026/index.php
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-04T20:27:53Z/
url https://www.ec-cube.net/info/weakness/20231026/index.php
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46845
reference_id CVE-2023-46845
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-46845
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@4.0.6-p1
purl pkg:composer/ec-cube/ec-cube@4.0.6-p1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wk3-yxkq-j7en
1
vulnerability VCID-f13c-wzhp-cqap
2
vulnerability VCID-f7xa-d46p-67aq
3
vulnerability VCID-fuus-wqhf-s3be
4
vulnerability VCID-he32-4cf1-akf5
5
vulnerability VCID-kgjm-uhbj-gffx
6
vulnerability VCID-mr5c-68tz-nfbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.0.6-p1
1
url pkg:composer/ec-cube/ec-cube@4.1-beta
purl pkg:composer/ec-cube/ec-cube@4.1-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wk3-yxkq-j7en
1
vulnerability VCID-f7xa-d46p-67aq
2
vulnerability VCID-mr5c-68tz-nfbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.1-beta
2
url pkg:composer/ec-cube/ec-cube@4.1.2-p1
purl pkg:composer/ec-cube/ec-cube@4.1.2-p1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wk3-yxkq-j7en
1
vulnerability VCID-f13c-wzhp-cqap
2
vulnerability VCID-f7xa-d46p-67aq
3
vulnerability VCID-fuus-wqhf-s3be
4
vulnerability VCID-he32-4cf1-akf5
5
vulnerability VCID-kgjm-uhbj-gffx
6
vulnerability VCID-tf8y-9k9g-jbct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.1.2-p1
3
url pkg:composer/ec-cube/ec-cube@4.2.0-alpha
purl pkg:composer/ec-cube/ec-cube@4.2.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tf8y-9k9g-jbct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.2.0-alpha
4
url pkg:composer/ec-cube/ec-cube@4.2.3
purl pkg:composer/ec-cube/ec-cube@4.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tf8y-9k9g-jbct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.2.3
aliases CVE-2023-46845
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fuus-wqhf-s3be
4
url VCID-he32-4cf1-akf5
vulnerability_id VCID-he32-4cf1-akf5
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22438
reference_id
reference_type
scores
0
value 0.00235
scoring_system epss
scoring_elements 0.4648
published_at 2026-06-04T12:55:00Z
1
value 0.00235
scoring_system epss
scoring_elements 0.46545
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22438
1
reference_url https://jvn.jp/en/jp/JVN04785663/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-07T21:46:40Z/
url https://jvn.jp/en/jp/JVN04785663/
2
reference_url https://www.ec-cube.net/info/weakness/20230214/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-07T21:46:40Z/
url https://www.ec-cube.net/info/weakness/20230214/
3
reference_url https://www.ec-cube.net/info/weakness/20230214/index_2.php
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-07T21:46:40Z/
url https://www.ec-cube.net/info/weakness/20230214/index_2.php
4
reference_url https://www.ec-cube.net/info/weakness/20230214/index_3.php
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-07T21:46:40Z/
url https://www.ec-cube.net/info/weakness/20230214/index_3.php
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22438
reference_id CVE-2023-22438
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-22438
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@4.0.6-p1
purl pkg:composer/ec-cube/ec-cube@4.0.6-p1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wk3-yxkq-j7en
1
vulnerability VCID-f13c-wzhp-cqap
2
vulnerability VCID-f7xa-d46p-67aq
3
vulnerability VCID-fuus-wqhf-s3be
4
vulnerability VCID-he32-4cf1-akf5
5
vulnerability VCID-kgjm-uhbj-gffx
6
vulnerability VCID-mr5c-68tz-nfbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.0.6-p1
1
url pkg:composer/ec-cube/ec-cube@4.1-beta
purl pkg:composer/ec-cube/ec-cube@4.1-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wk3-yxkq-j7en
1
vulnerability VCID-f7xa-d46p-67aq
2
vulnerability VCID-mr5c-68tz-nfbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.1-beta
2
url pkg:composer/ec-cube/ec-cube@4.1.2-p1
purl pkg:composer/ec-cube/ec-cube@4.1.2-p1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wk3-yxkq-j7en
1
vulnerability VCID-f13c-wzhp-cqap
2
vulnerability VCID-f7xa-d46p-67aq
3
vulnerability VCID-fuus-wqhf-s3be
4
vulnerability VCID-he32-4cf1-akf5
5
vulnerability VCID-kgjm-uhbj-gffx
6
vulnerability VCID-tf8y-9k9g-jbct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.1.2-p1
3
url pkg:composer/ec-cube/ec-cube@4.2.0-alpha
purl pkg:composer/ec-cube/ec-cube@4.2.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tf8y-9k9g-jbct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.2.0-alpha
4
url pkg:composer/ec-cube/ec-cube@4.2.1
purl pkg:composer/ec-cube/ec-cube@4.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fuus-wqhf-s3be
1
vulnerability VCID-tf8y-9k9g-jbct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.2.1
aliases CVE-2023-22438
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-he32-4cf1-akf5
5
url VCID-kgjm-uhbj-gffx
vulnerability_id VCID-kgjm-uhbj-gffx
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22838
reference_id
reference_type
scores
0
value 0.00217
scoring_system epss
scoring_elements 0.44252
published_at 2026-06-04T12:55:00Z
1
value 0.00217
scoring_system epss
scoring_elements 0.4432
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22838
1
reference_url https://jvn.jp/en/jp/JVN04785663/
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T16:01:51Z/
url https://jvn.jp/en/jp/JVN04785663/
2
reference_url https://www.ec-cube.net/info/weakness/20230214/
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T16:01:51Z/
url https://www.ec-cube.net/info/weakness/20230214/
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22838
reference_id CVE-2023-22838
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-22838
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@4.0.6-p1
purl pkg:composer/ec-cube/ec-cube@4.0.6-p1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wk3-yxkq-j7en
1
vulnerability VCID-f13c-wzhp-cqap
2
vulnerability VCID-f7xa-d46p-67aq
3
vulnerability VCID-fuus-wqhf-s3be
4
vulnerability VCID-he32-4cf1-akf5
5
vulnerability VCID-kgjm-uhbj-gffx
6
vulnerability VCID-mr5c-68tz-nfbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.0.6-p1
1
url pkg:composer/ec-cube/ec-cube@4.1-beta
purl pkg:composer/ec-cube/ec-cube@4.1-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wk3-yxkq-j7en
1
vulnerability VCID-f7xa-d46p-67aq
2
vulnerability VCID-mr5c-68tz-nfbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.1-beta
2
url pkg:composer/ec-cube/ec-cube@4.1.2-p1
purl pkg:composer/ec-cube/ec-cube@4.1.2-p1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wk3-yxkq-j7en
1
vulnerability VCID-f13c-wzhp-cqap
2
vulnerability VCID-f7xa-d46p-67aq
3
vulnerability VCID-fuus-wqhf-s3be
4
vulnerability VCID-he32-4cf1-akf5
5
vulnerability VCID-kgjm-uhbj-gffx
6
vulnerability VCID-tf8y-9k9g-jbct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.1.2-p1
3
url pkg:composer/ec-cube/ec-cube@4.2.0-alpha
purl pkg:composer/ec-cube/ec-cube@4.2.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tf8y-9k9g-jbct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.2.0-alpha
4
url pkg:composer/ec-cube/ec-cube@4.2.1
purl pkg:composer/ec-cube/ec-cube@4.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fuus-wqhf-s3be
1
vulnerability VCID-tf8y-9k9g-jbct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.2.1
aliases CVE-2023-22838
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kgjm-uhbj-gffx
6
url VCID-mr5c-68tz-nfbn
vulnerability_id VCID-mr5c-68tz-nfbn
summary
Missing Authorization
EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25355
reference_id
reference_type
scores
0
value 0.01055
scoring_system epss
scoring_elements 0.7793
published_at 2026-06-04T12:55:00Z
1
value 0.01055
scoring_system epss
scoring_elements 0.77957
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25355
1
reference_url https://github.com/EC-CUBE/ec-cube
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/EC-CUBE/ec-cube
2
reference_url https://jvn.jp/en/jp/JVN53871926/index.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jvn.jp/en/jp/JVN53871926/index.html
3
reference_url https://www.ec-cube.net/info/weakness/20220221
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ec-cube.net/info/weakness/20220221
4
reference_url https://www.ec-cube.net/info/weakness/20220221/
reference_id
reference_type
scores
url https://www.ec-cube.net/info/weakness/20220221/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25355
reference_id CVE-2022-25355
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25355
6
reference_url https://github.com/advisories/GHSA-pw97-6v74-9w3p
reference_id GHSA-pw97-6v74-9w3p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pw97-6v74-9w3p
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@4.1.2
purl pkg:composer/ec-cube/ec-cube@4.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wk3-yxkq-j7en
1
vulnerability VCID-f13c-wzhp-cqap
2
vulnerability VCID-f7xa-d46p-67aq
3
vulnerability VCID-fuus-wqhf-s3be
4
vulnerability VCID-he32-4cf1-akf5
5
vulnerability VCID-kgjm-uhbj-gffx
6
vulnerability VCID-tf8y-9k9g-jbct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.1.2
aliases CVE-2022-25355, GHSA-pw97-6v74-9w3p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mr5c-68tz-nfbn
7
url VCID-zha4-9mts-pybk
vulnerability_id VCID-zha4-9mts-pybk
summary
Cross-site Scripting
Cross-site scripting vulnerability in EC-CUBE to allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20717
reference_id
reference_type
scores
0
value 0.01366
scoring_system epss
scoring_elements 0.80527
published_at 2026-06-04T12:55:00Z
1
value 0.01366
scoring_system epss
scoring_elements 0.80554
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20717
1
reference_url https://github.com/EC-CUBE/ec-cube
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/EC-CUBE/ec-cube
2
reference_url https://jvn.jp/en/jp/JVN97554111/index.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jvn.jp/en/jp/JVN97554111/index.html
3
reference_url https://www.ec-cube.net/news/detail.php?news_id=383
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ec-cube.net/news/detail.php?news_id=383
4
reference_url https://www.ec-cube.net/news/detail.php?news_id=384
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ec-cube.net/news/detail.php?news_id=384
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20717
reference_id CVE-2021-20717
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20717
6
reference_url https://github.com/advisories/GHSA-c8mx-43cq-993w
reference_id GHSA-c8mx-43cq-993w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c8mx-43cq-993w
fixed_packages
aliases CVE-2021-20717, GHSA-c8mx-43cq-993w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zha4-9mts-pybk
Fixing_vulnerabilities
0
url VCID-bus3-azwk-cqfj
vulnerability_id VCID-bus3-azwk-cqfj
summary
Cross-site Scripting
Cross-site scripting vulnerability in EC-CUBE allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20751
reference_id
reference_type
scores
0
value 0.00591
scoring_system epss
scoring_elements 0.69597
published_at 2026-06-04T12:55:00Z
1
value 0.00591
scoring_system epss
scoring_elements 0.69636
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20751
1
reference_url https://github.com/EC-CUBE/ec-cube
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/EC-CUBE/ec-cube
2
reference_url https://jvn.jp/en/jp/JVN95292458/index.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jvn.jp/en/jp/JVN95292458/index.html
3
reference_url https://www.ec-cube.net/info/weakness/weakness.php?id=78
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ec-cube.net/info/weakness/weakness.php?id=78
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20751
reference_id CVE-2021-20751
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20751
5
reference_url https://github.com/advisories/GHSA-r6qq-qc9m-98w2
reference_id GHSA-r6qq-qc9m-98w2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r6qq-qc9m-98w2
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@4.0.5
purl pkg:composer/ec-cube/ec-cube@4.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wk3-yxkq-j7en
1
vulnerability VCID-f13c-wzhp-cqap
2
vulnerability VCID-f7xa-d46p-67aq
3
vulnerability VCID-fuus-wqhf-s3be
4
vulnerability VCID-he32-4cf1-akf5
5
vulnerability VCID-kgjm-uhbj-gffx
6
vulnerability VCID-mr5c-68tz-nfbn
7
vulnerability VCID-zha4-9mts-pybk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.0.5
1
url pkg:composer/ec-cube/ec-cube@4.0.6
purl pkg:composer/ec-cube/ec-cube@4.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wk3-yxkq-j7en
1
vulnerability VCID-f13c-wzhp-cqap
2
vulnerability VCID-f7xa-d46p-67aq
3
vulnerability VCID-fuus-wqhf-s3be
4
vulnerability VCID-he32-4cf1-akf5
5
vulnerability VCID-kgjm-uhbj-gffx
6
vulnerability VCID-mr5c-68tz-nfbn
7
vulnerability VCID-n3h9-nemu-uugq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.0.6
aliases CVE-2021-20751, GHSA-r6qq-qc9m-98w2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bus3-azwk-cqfj
1
url VCID-ccu6-ebu1-nkax
vulnerability_id VCID-ccu6-ebu1-nkax
summary
Cross-site Scripting
Cross-site scripting vulnerability in EC-CUBE EC-CUBE to (EC-CUBE 3 series) and EC-CUBE to (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20750
reference_id
reference_type
scores
0
value 0.00741
scoring_system epss
scoring_elements 0.73331
published_at 2026-06-04T12:55:00Z
1
value 0.00741
scoring_system epss
scoring_elements 0.73368
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20750
1
reference_url https://github.com/EC-CUBE/ec-cube
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/EC-CUBE/ec-cube
2
reference_url https://jvn.jp/en/jp/JVN95292458/index.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jvn.jp/en/jp/JVN95292458/index.html
3
reference_url https://www.ec-cube.net/info/weakness/weakness.php?id=78
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ec-cube.net/info/weakness/weakness.php?id=78
4
reference_url https://www.ec-cube.net/info/weakness/weakness.php?id=79
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ec-cube.net/info/weakness/weakness.php?id=79
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20750
reference_id CVE-2021-20750
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20750
6
reference_url https://github.com/advisories/GHSA-vrpv-26fm-7vf7
reference_id GHSA-vrpv-26fm-7vf7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vrpv-26fm-7vf7
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@3.0.18
purl pkg:composer/ec-cube/ec-cube@3.0.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2vzq-r4pf-1kac
1
vulnerability VCID-8d1z-47bk-vbd2
2
vulnerability VCID-fuus-wqhf-s3be
3
vulnerability VCID-he32-4cf1-akf5
4
vulnerability VCID-rqzy-xfsw-bqbg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@3.0.18
1
url pkg:composer/ec-cube/ec-cube@4.0.5
purl pkg:composer/ec-cube/ec-cube@4.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wk3-yxkq-j7en
1
vulnerability VCID-f13c-wzhp-cqap
2
vulnerability VCID-f7xa-d46p-67aq
3
vulnerability VCID-fuus-wqhf-s3be
4
vulnerability VCID-he32-4cf1-akf5
5
vulnerability VCID-kgjm-uhbj-gffx
6
vulnerability VCID-mr5c-68tz-nfbn
7
vulnerability VCID-zha4-9mts-pybk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.0.5
2
url pkg:composer/ec-cube/ec-cube@4.0.6
purl pkg:composer/ec-cube/ec-cube@4.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wk3-yxkq-j7en
1
vulnerability VCID-f13c-wzhp-cqap
2
vulnerability VCID-f7xa-d46p-67aq
3
vulnerability VCID-fuus-wqhf-s3be
4
vulnerability VCID-he32-4cf1-akf5
5
vulnerability VCID-kgjm-uhbj-gffx
6
vulnerability VCID-mr5c-68tz-nfbn
7
vulnerability VCID-n3h9-nemu-uugq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.0.6
aliases CVE-2021-20750, GHSA-vrpv-26fm-7vf7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ccu6-ebu1-nkax
2
url VCID-zha4-9mts-pybk
vulnerability_id VCID-zha4-9mts-pybk
summary
Cross-site Scripting
Cross-site scripting vulnerability in EC-CUBE to allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20717
reference_id
reference_type
scores
0
value 0.01366
scoring_system epss
scoring_elements 0.80527
published_at 2026-06-04T12:55:00Z
1
value 0.01366
scoring_system epss
scoring_elements 0.80554
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20717
1
reference_url https://github.com/EC-CUBE/ec-cube
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/EC-CUBE/ec-cube
2
reference_url https://jvn.jp/en/jp/JVN97554111/index.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jvn.jp/en/jp/JVN97554111/index.html
3
reference_url https://www.ec-cube.net/news/detail.php?news_id=383
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ec-cube.net/news/detail.php?news_id=383
4
reference_url https://www.ec-cube.net/news/detail.php?news_id=384
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ec-cube.net/news/detail.php?news_id=384
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20717
reference_id CVE-2021-20717
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20717
6
reference_url https://github.com/advisories/GHSA-c8mx-43cq-993w
reference_id GHSA-c8mx-43cq-993w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c8mx-43cq-993w
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@4.0.5
purl pkg:composer/ec-cube/ec-cube@4.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wk3-yxkq-j7en
1
vulnerability VCID-f13c-wzhp-cqap
2
vulnerability VCID-f7xa-d46p-67aq
3
vulnerability VCID-fuus-wqhf-s3be
4
vulnerability VCID-he32-4cf1-akf5
5
vulnerability VCID-kgjm-uhbj-gffx
6
vulnerability VCID-mr5c-68tz-nfbn
7
vulnerability VCID-zha4-9mts-pybk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.0.5
aliases CVE-2021-20717, GHSA-c8mx-43cq-993w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zha4-9mts-pybk
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.0.5