CVE-2020-20640

Published: 2021-06-28T18:15Z

Last Modified: 2024-11-21T05:12Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, triggering the xss vulnerability. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt