VYPR
High severity8.0NVD Advisory· Published Sep 29, 2021· Updated Jun 17, 2026

CVE-2021-25962

CVE-2021-25962

Description

“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and opens it, the payload gets executed.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
shuupPyPI
>= 0.4.2, < 2.11.02.11.0

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.