PT-2021-16887 · Shuup · Shuup
Daniel Elkabes · Published 2021-09-30 · Updated 2021-10-07
CVE-2021-25963

| CVSS v3.1 | Value |
|---|---|
| Score | 6.1 (Medium) |
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Shuup versions 1.6.0 through 2.10.8
Description
The issue is a reflected Cross-Site Scripting (XSS) vulnerability that allows execution of arbitrary JavaScript code in a victim's browser. It occurs because the contents of the error page are not properly escaped.
Recommendations
For Shuup versions 1.6.0 through 2.10.8, ensure that error page contents are properly escaped to prevent the execution of arbitrary JavaScript code. As a temporary workaround, consider adding validation and sanitization for user-supplied data that may be displayed on error pages.
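To make the defect class concrete, here is an added Python example (not Shuup's code) that contrasts an error handler interpolating the request path into the page unescaped with one that HTML-escapes it first, plus a check a regression test can apply to either renderer. The template, the sample path and the function names are assumptions made for the illustration.

```python
import html
from urllib.parse import unquote

# Constructed request path for the demonstration. The markup is harmless;
# the point is only whether it reaches the page as markup or as text.
SAMPLE_PATH = "/products/%3Ci%3Eprobe%3C%2Fi%3E"

# Hypothetical error page template with a single interpolation point.
ERROR_TEMPLATE = "<h1>404 Not Found</h1><p>The page {path} does not exist.</p>"


def render_error_unescaped(path: str) -> str:
    """The vulnerable pattern: the decoded request path is placed into the
    error page body as-is, so any markup in it is rendered by the browser."""
    return ERROR_TEMPLATE.format(path=unquote(path))


def render_error_escaped(path: str) -> str:
    """The fixed pattern: the value is HTML-escaped (quote=True also covers
    attribute contexts) before it enters the page, so markup becomes text."""
    return ERROR_TEMPLATE.format(path=html.escape(unquote(path), quote=True))


def untrusted_markup_survives(rendered: str, probe: str = "<i>probe</i>") -> bool:
    """Regression check: True if the probe markup appears verbatim in the
    output, i.e. the renderer did not neutralise it."""
    return probe in rendered


if __name__ == "__main__":
    for name, render in (("unescaped", render_error_unescaped),
                         ("escaped", render_error_escaped)):
        page = render(SAMPLE_PATH)
        print(f"{name}: reflects markup = {untrusted_markup_survives(page)}")
        print("   ", page)
```

Django, on which Shuup is built, autoescapes template variables by default; this bug class typically appears where that is bypassed (`mark_safe`, the `|safe` filter) or where a page is assembled by string formatting in Python as in the unescaped function above.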
Affected Products
Shuup