{"id":"PYSEC-2021-350","details":"In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary JavaScript code in a victim's browser. This vulnerability exists because the contents of the error page are not escaped.","aliases":["CVE-2021-25963","GHSA-5pcx-vqjp-p34w"],"modified":"2023-11-01T04:54:49.277678Z","published":"2021-09-30T08:15:00Z","references":[{"type":"FIX","url":"https://github.com/shuup/shuup/commit/75714c37e32796eb7cbb0d977af5bcaa26573588"},{"type":"WEB","url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25963"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-5pcx-vqjp-p34w"}],"affected":[{"package":{"name":"shuup","ecosystem":"PyPI","purl":"pkg:pypi/shuup"},"ranges":[{"type":"GIT","repo":"https://github.com/shuup/shuup","events":[{"introduced":"0"},{"fixed":"75714c37e32796eb7cbb0d977af5bcaa26573588"}]},{"type":"ECOSYSTEM","events":[{"introduced":"1.6.0"},{"fixed":"2.11.0"}]}],"versions":["1.10.0","1.10.1","1.10.10","1.10.11","1.10.12","1.10.13","1.10.14","1.10.15","1.10.16","1.10.2","1.10.3","1.10.4","1.10.5","1.10.6","1.10.7","1.10.8","1.10.9","1.11.0","1.11.1","1.11.10","1.11.3","1.11.4","1.11.5","1.11.6","1.11.7","1.11.8","1.11.9","1.6.0","1.6.15","1.6.16","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9","1.7.0","1.7.1","1.7.3","1.8.0","1.8.1","1.8.2","1.9.0","1.9.1","1.9.10","1.9.11","1.9.12","1.9.13","1.9.2","1.9.3","1.9.4","1.9.5","1.9.6","1.9.7","1.9.8","1.9.9","2.0.1","2.0.2","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.1.1","2.1.10","2.1.11","2.1.12","2.1.2","2.1.3","2.1.4","2.1.5","2.1.6","2.1.7","2.1.8","2.10.0","2.10.0b1","2.10.1","2.10.2","2.10.3","2.10.4","2.10.5","2.10.6","2.10.7","2.10.8","2.2.0","2.2.1","2.2.10","2.2.11","2.2.2","2.2.3","2.2.4","2.2.5","2.2.6","2.2.7","2.2.8","2.2.9","2.3.0","2.3.1","2.3.10","2.3.11","2.3.12","2.3.13","2.3.14","2.3.15","2.3.16","2.3.17","2.3.18","2.3.2","2.3.3","2.3.4","2.3.5","2.3.6","2.3.7","2.3
.8","2.3.9","2.4.0","2.5.0","2.6.0","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.1","2.7.2","2.7.3","2.8.0","2.8.1","2.8.3","2.9.0","2.9.1","2.9.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/shuup/PYSEC-2021-350.yaml"}}],"schema_version":"1.7.3"}