4 matches found

CNVD
added 2022/06/02 12:0 a.m., 22 views

solidus_backend cross-site request forgery vulnerability

Solidus is an open source e-commerce system. solidus_backend is the administrative interface of the Solidus e-commerce framework. solidus_backend is vulnerable to cross-site request forgery, which can be exploited by attackers to change the status of order adjustments while holding an order number,...

CVSS 4.3 | AI score 3.9 | EPSS 0.00152
Exploits 1 | Affected Software 1

Prion
added 2022/06/01 6:15 p.m., 12 views

Cross-site request forgery (CSRF)

solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order's adjustments if they hold its number, and the...

CVSS 4.3 | AI score 4.8 | EPSS 0.00152
Exploits 1 | References 2 | Affected Software 1

OSV
added 2021/09/30 8:50 p.m., 19 views

GHSA-663J-RJCR-789F CSV injection in shuup

“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and...

CVSS 8 | AI score 8.6 | EPSS 0.00432
Exploits 0 | References 5

Prion
added 2021/09/29 2:15 p.m., 10 views

Design/Logic Flaw

“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and...

CVSS 6.8 | AI score 8.5 | EPSS 0.00432
Exploits 0 | References 2 | Affected Software 1