Описание
Cross-site Scripting in shuup
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary javascript code on a victim browser. This vulnerability exists due to the error page contents not escaped.
Пакеты
Наименование
shuup
pip
Затронутые версииВерсия исправления
>= 1.6.0, < 2.11.0
2.11.0
Связанные уязвимости
CVSS3: 6.1
nvd
больше 4 лет назад
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary javascript code on a victim browser. This vulnerability exists due to the error page contents not escaped.