CVEs-PoC/2021/CVE-2021-20743.md

### [CVE-2021-20743](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20743)
![](https://img.shields.io/static/v1?label=Product&message=EC-CUBE%20Email%20newsletters%20management%20plugin%20(for%20EC-CUBE%203.0%20series)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=versions%20prior%20to%20version%201.0.4%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-site%20scripting&color=brightgreen)

### Description

Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operation.

### POC

#### Reference
- https://www.ec-cube.net/products/detail.php?product_id=960

#### Github
No PoCs found on GitHub currently.