CVE-2020-20640

EPSS 0.17% · P38 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-20640

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, triggering the xss vulnerability.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

ECShop 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ECShop是商派的一个开源商城系统。支持PC+H5+APP+小程序商城，源码免费下载体验，适合企业开发搭建商城。 ECShop 中存在跨站脚本漏洞，该漏洞源于security.php文件缺少安全过滤，导致系统中 user.php 文件中可以利用HTML实体编码绕过security .php文件的安全策略。攻击者可通过该漏洞执行客户端代码。以下产品及版本受到影响：ECShop 4.0。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2020-20640

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-20640

请登录查看更多情报信息。

https://www.jianshu.com/p/219755c047a1x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2020-20640

Same Patch Batch · n/a · 2021-06-28 · 29 CVEs total

CVE-2021-29157	7.5 HIGH	Dovecot 路径遍历漏洞
CVE-2021-23399	7.3 HIGH	Arbitrary Command Injection
CVE-2020-28200	4.3 MEDIUM	Dovecot 资源管理错误漏洞
CVE-2020-23711		NavigateCMS SQL注入漏洞
CVE-2020-21142		IPFire 跨站脚本漏洞
CVE-2021-35298		Zammad 跨站脚本漏洞
CVE-2021-35299		Zammad 日志信息泄露漏洞
CVE-2021-35300		Zammad 注入漏洞
CVE-2021-35301		Zammad 安全漏洞
CVE-2021-35302		Zammad 安全漏洞
CVE-2021-35303		Zammad 跨站脚本漏洞
CVE-2020-22609		Enhancesoft osTicket 跨站脚本漏洞
CVE-2020-22608		Enhancesoft osTicket 跨站脚本漏洞
CVE-2020-22607		LimeSurvey 跨站脚本漏洞
CVE-2021-35525		Roehling PostSRSd 安全漏洞
CVE-2020-23715		WebPort 路径遍历漏洞
CVE-2021-35523		Securepoint SSL VPN Client 访问控制错误漏洞
CVE-2021-34187		Chamilo LMS SQL注入漏洞
CVE-2021-34254		Umbraco 输入验证错误漏洞
CVE-2020-23710		LimeSurvey 跨站脚本漏洞

Showing top 20 of 29 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2020-20640

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-20640

I. Basic Information for CVE-2020-20640

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2020-20640

III. Intelligence Information for CVE-2020-20640

Same Patch Batch · n/a · 2021-06-28 · 29 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2020-20640

Leave a comment