{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T22:30:53.979","vulnerabilities":[{"cve":{"id":"CVE-2021-25962","sourceIdentifier":"vulnerabilitylab@mend.io","published":"2021-09-29T14:15:08.070","lastModified":"2024-11-21T05:55:41.060","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and opens it, the payload gets executed."},{"lang":"es","value":"La aplicación \"Shuup\" en versiones 0.4.2 a 2.10.8, está afectada por una vulnerabilidad \"Formula Injection\". Un cliente puede inyectar cargas útiles en el campo name input en la dirección de facturación mientras compra un producto. Cuando un administrador de la tienda accede a la página de informes para exportar los datos como un archivo de Excel y lo abre, la carga útil es ejecutada\n"}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilitylab@mend.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"vulnerabilitylab@mend.io","type":"Secondary","description":[{"lang":"en","value":"CWE-1236"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1236"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:shuup:shuup:*:*:*:*:*:*:*:*","versionStartIncluding":"0.4.2","versionEndExcluding":"2.11.0","matchCriteriaId":"A567FB15-5A66-4FD9-A3FE-1C25B31CAA55"}]}]}],"references":[{"url":"https://github.com/shuup/shuup/commit/0a2db392e8518410c282412561461cd8797eea51","source":"vulnerabilitylab@mend.io","tags":["Patch","Third Party Advisory"]},{"url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25962","source":"vulnerabilitylab@mend.io","tags":["Third Party Advisory"]},{"url":"https://github.com/shuup/shuup/commit/0a2db392e8518410c282412561461cd8797eea51","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25962","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}