3 matches found
PYSEC-2021-355
“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and...
Shuup 注入漏洞
Shuup is an open source e-commerce platform based on Django and Python from Shuup, Inc. Shuup suffers from an injection vulnerability that stems from a formula injection vulnerability affecting Shuup applications in versions 0.4.2 through 2.10.8. A customer can inject a payload into the name inpu...
PT-2019-13294 · Piwigo · Piwigo
Name of the Vulnerable Software and Affected Versions: Piwigo version 2.9.5 Description: The issue concerns an XSS exploit via the "admin.php?page=account billing" endpoint, specifically through the vat number, billing name, company, or billing address parameters. This is also exploitable through...