28 matches found
EUVD-2021-0241
Malware in sbrugna...
EUVD-2021-0240
Malware in sbrugna...
MAL-2022-6116 Malicious code in shuup-definite-theme (npm)
Source: ghsa-malware (80cdcbf75c04b62ca3cb708954f0bb751a8d6f208e49ef367699127cd0d32ec7). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in shuup-definite-theme (npm)
Source: ghsa-malware (80cdcbf75c04b62ca3cb708954f0bb751a8d6f208e49ef367699127cd0d32ec7). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-5PCX-VQJP-P34W Cross-site Scripting in shuup
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting XSS that allows execution of arbitrary javascript code on a victim browser. This vulnerability exists due to the error page contents not escaped...
Cross-site Scripting in shuup
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting XSS that allows execution of arbitrary javascript code on a victim browser. This vulnerability exists due to the error page contents not escaped...
shuup-admin-channel (=1.0.0), shuup-attrim (>=0.8.0.0 <=0.9.0.7) +4 more potentially affected by CVE-2021-25963 via shuup (=1.9.1)
shuup PYPI version =1.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on shuup and may be impacted: - shuup-admin-channel =1.0.0 - shuup-attrim =0.8.0.0, =0.6.0, =0.7.0.1, =0.10.1.0 - shuup-utils =0.4.1.2 Source cves: CVE-2021-25963 Source advisory:...
shuup-admin-channel (=1.0.0), shuup-attrim (>=0.8.0.0 <=0.9.0.7) +4 more potentially affected by CVE-2021-25962 via shuup (=1.9.1)
shuup PYPI version =1.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on shuup and may be impacted: - shuup-admin-channel =1.0.0 - shuup-attrim =0.8.0.0, =0.6.0, =0.7.0.1, =0.10.1.0 - shuup-utils =0.4.1.2 Source cves: CVE-2021-25962 Source advisory:...
GHSA-663J-RJCR-789F CSV injection in shuup
“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and...
CSV injection in shuup
“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and...
CVE-2021-25963
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting XSS that allows execution of arbitrary javascript code on a victim browser. This vulnerability exists due to the error page contents not escaped...
PYSEC-2021-350
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting XSS that allows execution of arbitrary javascript code on a victim browser. This vulnerability exists due to the error page contents not escaped...
Cross site scripting
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting XSS that allows execution of arbitrary javascript code on a victim browser. This vulnerability exists due to the error page contents not escaped...
CVE-2021-25963 Shuup - Reflected XSS in Error Page
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting XSS that allows execution of arbitrary javascript code on a victim browser. This vulnerability exists due to the error page contents not escaped...
CVE-2021-25963
CVE-2021-25963 affects Shuup versions 1.6.0–2.10.8, with a reflected Cross-Site Scripting (XSS) flaw caused by unescaped error page content. Impact is arbitrary JavaScript execution in a victim’s browser. CVSS metrics provided (2.0/3.1) indicate MEDIUM severity (base scores 4.3 and 6.1, respectiv...
Shuup Cross-Site Scripting Vulnerability
Shuup is an open source e-commerce platform based on Django and Python from Shuup Inc. in the United States. A cross-site scripting vulnerability exists in Shuup versions 1.6.0 through 2.10.8 that allows execution of arbitrary javascript code on the victim's browser...