CVE-2021-25963

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pypi/shuup

Identifier

CVE-2021-25963

Package Slug

pypi/shuup

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Shuup is vulnerable to reflected Cross-Site Scripting (XSS), which allows execution of arbitrary JavaScript code in a victim's browser. The vulnerability exists because the error page contents are not escaped.

Affected Versions

All versions starting from 1.6.0 up to 2.10.8

Solution

Upgrade to version 2.11.0 or above.

Last Modified

2021-10-10
