High severity8.0NVD Advisory· Published Sep 29, 2021· Updated Jun 17, 2026
CVE-2021-25962
CVE-2021-25962
Description
“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and opens it, the payload gets executed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
shuupPyPI | >= 0.4.2, < 2.11.0 | 2.11.0 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/shuup/shuup/commit/0a2db392e8518410c282412561461cd8797eea51nvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-663j-rjcr-789fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-25962ghsaADVISORY
- www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25962nvdThird Party AdvisoryWEB
- github.com/pypa/advisory-database/tree/main/vulns/shuup/PYSEC-2021-355.yamlghsaWEB
News mentions
0No linked articles in our index yet.