CVE-2021-25963

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-25963
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25963.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-25963
Aliases
Published
2021-09-30T08:15:06.357Z
Modified
2026-03-14T10:51:48.257242Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary javascript code on a victim browser. This vulnerability exists due to the error page contents not escaped.

References

Affected packages

Git / github.com/shuup/shuup

Affected ranges

Type
GIT
Repo
https://github.com/shuup/shuup
Events
Introduced
8cdd96f0efd1bd0a23a25422b942a735128b0dc2
Last affected
fe2250317f2f9acc2ee7c7c6ff531d017df9b8ea
Fixed
75714c37e32796eb7cbb0d977af5bcaa26573588
Database specific 
{
    "versions": [
        {
            "introduced": "1.6.0"
        },
        {
            "last_affected": "2.10.8"
        }
    ]
}

Affected versions

2.*
2.9.1
v1.*
v1.10.0
v1.10.1
v1.10.10
v1.10.11
v1.10.12
v1.10.13
v1.10.14
v1.10.15
v1.10.16
v1.10.1b1
v1.10.1b2
v1.10.1b3
v1.10.2
v1.10.2b1
v1.10.2b2
v1.10.2b3
v1.10.2b4
v1.10.2b5
v1.10.2b6
v1.10.3
v1.10.4
v1.10.5
v1.10.5b1
v1.10.6
v1.10.7
v1.10.8
v1.10.9
v1.11.0
v1.11.0b1
v1.11.0b2
v1.11.0b3
v1.11.1
v1.11.10
v1.11.11
v1.11.2
v1.11.3
v1.11.4
v1.11.5
v1.11.6
v1.11.7
v1.11.8
v1.11.9
v1.6.0
v1.6.0b5
v1.6.1
v1.6.10
v1.6.11
v1.6.12
v1.6.13
v1.6.14
v1.6.15
v1.6.16
v1.6.1b1
v1.6.1b2
v1.6.1b3
v1.6.1b4
v1.6.2
v1.6.3
v1.6.3b1
v1.6.3b2
v1.6.3b3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.6.7b1
v1.6.7b2
v1.6.7b3
v1.6.8
v1.6.8b1
v1.6.9
v1.6.9b1
v1.6.9b2
v1.7.0
v1.7.0b1
v1.7.0b2
v1.7.0b3
v1.7.0b4
v1.7.0b5
v1.7.1
v1.7.1b1
v1.7.1b2
v1.7.1b3
v1.7.1b4
v1.7.1b5
v1.7.1rc
v1.7.2
v1.7.2b1
v1.7.2b2
v1.7.2b3
v1.7.2b4
v1.7.2b5
v1.7.3
v1.7.3b1
v1.7.3b2
v1.8.0
v1.8.0b1
v1.8.0b2
v1.8.0b3
v1.8.0b4
v1.8.1
v1.8.2
v1.8.2b1
v1.8.2b2
v1.8.2b3
v1.8.2b4
v1.8.2b5
v1.8.2b6
v1.8.3b1
v1.8.3b2
v1.9.0
v1.9.0b1
v1.9.0b2
v1.9.0b3
v1.9.0b4
v1.9.0b5
v1.9.0b6
v1.9.0b7
v1.9.1
v1.9.10
v1.9.10b1
v1.9.10b10
v1.9.10b11
v1.9.10b12
v1.9.10b2
v1.9.10b3
v1.9.10b4
v1.9.10b5
v1.9.10b6
v1.9.10b7
v1.9.10b8
v1.9.10b9
v1.9.11
v1.9.11b1
v1.9.11b2
v1.9.11b3
v1.9.11b4
v1.9.11b5
v1.9.11b6
v1.9.11b7
v1.9.11b8
v1.9.12
v1.9.12b1
v1.9.12b2
v1.9.13
v1.9.1b1
v1.9.1b10
v1.9.1b11
v1.9.1b2
v1.9.1b3
v1.9.1b4
v1.9.1b5
v1.9.1b6
v1.9.1b7
v1.9.1b8
v1.9.1b9
v1.9.2
v1.9.2b1
v1.9.2b10
v1.9.2b11
v1.9.2b12
v1.9.2b2
v1.9.2b3
v1.9.2b4
v1.9.2b5
v1.9.2b6
v1.9.2b7
v1.9.2b8
v1.9.2b9
v1.9.3
v1.9.3b1
v1.9.3b2
v1.9.3b3
v1.9.3b4
v1.9.3b5
v1.9.3b6
v1.9.4
v1.9.4b1
v1.9.4b2
v1.9.4b3
v1.9.4b4
v1.9.4b5
v1.9.4b6
v1.9.4b7
v1.9.4b8
v1.9.4b9
v1.9.5
v1.9.5b1
v1.9.5b10
v1.9.5b2
v1.9.5b3
v1.9.5b4
v1.9.5b5
v1.9.5b6
v1.9.5b7
v1.9.5b8
v1.9.5b9
v1.9.6
v1.9.6b1
v1.9.7
v1.9.7b1
v1.9.7b2
v1.9.7b3
v1.9.7b4
v1.9.8
v1.9.8b1
v1.9.8b2
v1.9.8b3
v1.9.8b4
v1.9.8b5
v1.9.8b6
v1.9.9
v1.9.9b1
v1.9.9b2
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.1.0
v2.1.1
v2.1.10
v2.1.11
v2.1.12
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.1.7
v2.1.8
v2.1.9
v2.10.0
v2.10.0b1
v2.10.1
v2.10.2
v2.10.3
v2.10.4
v2.10.5
v2.10.7
v2.10.8
v2.2.0
v2.2.1
v2.2.10
v2.2.11
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.2.8
v2.2.9
v2.3.0
v2.3.1
v2.3.10
v2.3.11
v2.3.12
v2.3.13
v2.3.14
v2.3.15
v2.3.16
v2.3.17
v2.3.18
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.4.0
v2.5.0
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.9.0
v2.9.1
v2.9.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25963.json"