CVE-2021-25962

Sažetak

“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and opens it, the payload gets executed.

Reference

https://github.com/shuup/shuup/commit/0a2db392e8518410c282412561461cd8797eea51
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25962

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

06-10-2021 - 20:30

Objavljeno

29-09-2021 - 14:15