28 matches found
EUVD-2021-0240
Malware in sbrugna...
EUVD-2021-0241
Malware in sbrugna...
Malicious code in shuup-definite-theme (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 80cdcbf75c04b62ca3cb708954f0bb751a8d6f208e49ef367699127cd0d32ec7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6116 Malicious code in shuup-definite-theme (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 80cdcbf75c04b62ca3cb708954f0bb751a8d6f208e49ef367699127cd0d32ec7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
shuup-admin-channel (=1.0.0), shuup-attrim (>=0.8.0.0 <=0.9.0.7) +4 more potentially affected by CVE-2021-25963 via shuup (=1.9.1)
shuup PYPI version =1.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on shuup and may be impacted: - shuup-admin-channel =1.0.0 - shuup-attrim =0.8.0.0, =0.6.0, =0.7.0.1, =0.10.1.0 - shuup-utils =0.4.1.2 Source cves: CVE-2021-25963 Source advisory:...
GHSA-5PCX-VQJP-P34W Cross-site Scripting in shuup
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary JavaScript code on a victim's browser. This vulnerability exists due to the error page contents not escaped...
Cross-site Scripting in shuup
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary JavaScript code on a victim's browser. This vulnerability exists due to the error page contents not escaped...
shuup-admin-channel (=1.0.0), shuup-attrim (>=0.8.0.0 <=0.9.0.7) +4 more potentially affected by CVE-2021-25962 via shuup (=1.9.1)
shuup PYPI version =1.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on shuup and may be impacted: - shuup-admin-channel =1.0.0 - shuup-attrim =0.8.0.0, =0.6.0, =0.7.0.1, =0.10.1.0 - shuup-utils =0.4.1.2 Source cves: CVE-2021-25962 Source advisory:...
CSV injection in shuup
“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and...
GHSA-663J-RJCR-789F CSV injection in shuup
“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and...
CVE-2021-25963
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary JavaScript code on a victim's browser. This vulnerability exists due to the error page contents not escaped...
CVE-2021-25963
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary JavaScript code on a victim's browser. This vulnerability exists due to the error page contents not escaped...
PYSEC-2021-350
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary JavaScript code on a victim's browser. This vulnerability exists due to the error page contents not escaped...
Cross site scripting
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary JavaScript code on a victim's browser. This vulnerability exists due to the error page contents not escaped...
shuup-admin-channel (=1.0.0), shuup-attrim (>=0.8.0.0 <=0.9.0.7) +4 more potentially affected by CVE-2021-25963 via shuup (=1.9.1)
shuup PYPI version =1.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on shuup and may be impacted: - shuup-admin-channel =1.0.0 - shuup-attrim =0.8.0.0, =0.6.0, =0.7.0.1, =0.10.1.0 - shuup-utils =0.4.1.2 Source cves: CVE-2021-25963 Source advisory:...
PYSEC-2021-350
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary JavaScript code on a victim's browser. This vulnerability exists due to the error page contents not escaped...
CVE-2021-25963 Shuup - Reflected XSS in Error Page
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary JavaScript code on a victim's browser. This vulnerability exists due to the error page contents not escaped...
CVE-2021-25963
CVE-2021-25963 affects Shuup versions 1.6.0–2.10.8, with a reflected Cross-Site Scripting (XSS) flaw caused by unescaped error page content. Impact is arbitrary JavaScript execution in a victim’s browser. CVSS metrics provided (2.0/3.1) indicate MEDIUM severity (base scores 4.3 and 6.1, respectiv...
CVE-2021-25963 Shuup - Reflected XSS in Error Page
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary JavaScript code on a victim's browser. This vulnerability exists due to the error page contents not escaped...
Shuup cross-site scripting vulnerability
Shuup is an open source e-commerce platform based on Django and Python from Shuup Inc. in the United States. A cross-site scripting vulnerability exists in Shuup versions 1.6.0 through 2.10.8 that allows execution of arbitrary JavaScript code on the victim's browser...