Lucene search
+L

4 matches found

vulnersosv
vulnersosv
added 2021/09/30 8:50 p.m.3 views

shuup-admin-channel (=1.0.0), shuup-attrim (>=0.8.0.0 <=0.9.0.7) +4 more potentially affected by CVE-2021-25962 via shuup (=1.9.1)

shuup PYPI version =1.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on shuup and may be impacted: - shuup-admin-channel =1.0.0 - shuup-attrim =0.8.0.0, =0.6.0, =0.7.0.1, =0.10.1.0 - shuup-utils =0.4.1.2 Source cves: CVE-2021-25962 Source advisory:...

8.8CVSS7.2AI score0.01051EPSS
Exploits0
vulnersosv
vulnersosv
added 2021/09/29 2:15 p.m.4 views

shuup-admin-channel (=1.0.0), shuup-attrim (>=0.8.0.0 <=0.9.0.7) +4 more potentially affected by CVE-2021-25962 via shuup (=1.9.1)

shuup PYPI version =1.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on shuup and may be impacted: - shuup-admin-channel =1.0.0 - shuup-attrim =0.8.0.0, =0.6.0, =0.7.0.1, =0.10.1.0 - shuup-utils =0.4.1.2 Source cves: CVE-2021-25962 Source advisory:...

8.8CVSS7.2AI score0.01051EPSS
Exploits0
cve
cve
added 2021/09/29 1:55 p.m.64 views

CVE-2021-25962

Summary of CVE-2021-25962 (Shuup) : The Shuup application (versions 0.4.2 to 2.10.8) is affected by a Formula Injection vulnerability. The issue arises when a user injects payloads into the name field of the billing address; when a store administrator exports reports to Excel from the reports pag...

8.8CVSS8.1AI score0.01051EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2021/09/29 1:55 p.m.33 views

CVE-2021-25962 Shuup - Formula Injection in Checkout Addresses

“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and...

8CVSS8.8AI score0.01051EPSS
Exploits0References2
Rows per page
Query Builder