CVE-2020-5679

Publication date

2020-12-03 11:15:32

Family

jpcert

State

PUBLISHED

Description

Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted.