CVE-2020-5679

Medium

Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user…

jpcert·CWE-1021·Published 2020-12-03

CVSS

6.1

EPSS

0.01

KEV

Exploits

cve.orgen

251 chars

Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted.

NVDen

251 chars

OSV.deven

251 chars

GHSAen

251 chars

NVDes

336 chars

Una restricción inapropiada de las capas o marcos de la interfaz de usuario renderizada en EC-CUBE versiones desde 3.0.0 hasta 3.0.18, conlleva a ataques de secuestro de clics. Si un usuario accede a una página especialmente diseñada mientras está conectado a la página administrativa, pueden ser conducidas operaciones no deseadas

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
3.1	Primary	NVD	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3.1	Secondary	GHSA	6.1	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N