{"id":"CVE-2021-25962","details":"The “Shuup” application, in versions 0.4.2 to 2.10.8, is affected by a “Formula Injection” vulnerability. A customer can inject a payload into the name input field of the billing address while buying a product. When a store administrator accesses the reports page, exports the data as an Excel file and opens it, the payload is executed in the administrator's spreadsheet application.","aliases":["GHSA-663j-rjcr-789f","PYSEC-2021-355"],"modified":"2026-04-10T04:32:07.036903Z","published":"2021-09-29T14:15:08.070Z","references":[{"type":"ADVISORY","url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25962"},{"type":"FIX","url":"https://github.com/shuup/shuup/commit/0a2db392e8518410c282412561461cd8797eea51"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/shuup/shuup","events":[{"introduced":"9df61ced73de675ee365e0893868fb092647531b"},{"fixed":"4e69d7dc7c15ea6967717945d80476a5fb82e2e7"},{"fixed":"0a2db392e8518410c282412561461cd8797eea51"}],"database_specific":{"versions":[{"introduced":"0.4.2"},{"fixed":"2.11.0"}]}}],"versions":["2.9.1","v0.4.2","v0.4.3","v0.4.4","v0.4.5","v0.4.6","v0.4.6.1","v0.4.7","v0.5.0","v0.5.1","v0.5.3","v0.5.4","v0.5.5","v0.5.6","v0.5.7","v0.5.8","v1.10.0","v1.10.1","v1.10.10","v1.10.11","v1.10.12","v1.10.13","v1.10.14","v1.10.15","v1.10.16","v1.10.1b1","v1.10.1b2","v1.10.1b3","v1.10.2","v1.10.2b1","v1.10.2b2","v1.10.2b3","v1.10.2b4","v1.10.2b5","v1.10.2b6","v1.10.3","v1.10.4","v1.10.5","v1.10.5b1","v1.10.6","v1.10.7","v1.10.8","v1.10.9","v1.11.0","v1.11.0b1","v1.11.0b2","v1.11.0b3","v1.11.1","v1.11.2","v1.11.3","v1.11.4","v1.11.5","v1.2.0a1","v1.2.0a2","v1.2.0a3","v1.2.0a4","v1.2.0b1","v1.2.0b2","v1.2.0b3","v1.6.0","v1.6.0b5","v1.6.1","v1.6.10","v1.6.11","v1.6.12","v1.6.13","v1.6.14","v1.6.15","v1.6.1b1","v1.6.1b2","v1.6.1b3","v1.6.1b4","v1.6.2","v1.6.3","v1.6.3b1","v1.6.3b2","v1.6.3b3","v1.6.4","v1.6.5","v1.6.6","v1.6.7","v1.6.7b1","v1.6.7b2","v1.6.7b3","v1.6.8","v1.6.8b1","v1.6.9","v1.6.9b1","v1.6.9b2","v1.7.0","v1.7.0b1"
,"v1.7.0b2","v1.7.0b3","v1.7.0b4","v1.7.0b5","v1.7.1","v1.7.1b1","v1.7.1b2","v1.7.1b3","v1.7.1b4","v1.7.1b5","v1.7.1rc","v1.7.2","v1.7.2b1","v1.7.2b2","v1.7.2b3","v1.7.2b4","v1.7.2b5","v1.7.3","v1.7.3b1","v1.7.3b2","v1.8.0","v1.8.0b1","v1.8.0b2","v1.8.0b3","v1.8.0b4","v1.8.1","v1.8.2","v1.8.2b1","v1.8.2b2","v1.8.2b3","v1.8.2b4","v1.8.2b5","v1.8.2b6","v1.8.3b1","v1.8.3b2","v1.9.0","v1.9.0b1","v1.9.0b2","v1.9.0b3","v1.9.0b4","v1.9.0b5","v1.9.0b6","v1.9.0b7","v1.9.1","v1.9.10","v1.9.10b1","v1.9.10b10","v1.9.10b11","v1.9.10b12","v1.9.10b2","v1.9.10b3","v1.9.10b4","v1.9.10b5","v1.9.10b6","v1.9.10b7","v1.9.10b8","v1.9.10b9","v1.9.11","v1.9.11b1","v1.9.11b2","v1.9.11b3","v1.9.11b4","v1.9.11b5","v1.9.11b6","v1.9.11b7","v1.9.11b8","v1.9.12","v1.9.12b1","v1.9.12b2","v1.9.13","v1.9.1b1","v1.9.1b10","v1.9.1b11","v1.9.1b2","v1.9.1b3","v1.9.1b4","v1.9.1b5","v1.9.1b6","v1.9.1b7","v1.9.1b8","v1.9.1b9","v1.9.2","v1.9.2b1","v1.9.2b10","v1.9.2b11","v1.9.2b12","v1.9.2b2","v1.9.2b3","v1.9.2b4","v1.9.2b5","v1.9.2b6","v1.9.2b7","v1.9.2b8","v1.9.2b9","v1.9.3","v1.9.3b1","v1.9.3b2","v1.9.3b3","v1.9.3b4","v1.9.3b5","v1.9.3b6","v1.9.4","v1.9.4b1","v1.9.4b2","v1.9.4b3","v1.9.4b4","v1.9.4b5","v1.9.4b6","v1.9.4b7","v1.9.4b8","v1.9.4b9","v1.9.5","v1.9.5b1","v1.9.5b10","v1.9.5b2","v1.9.5b3","v1.9.5b4","v1.9.5b5","v1.9.5b6","v1.9.5b7","v1.9.5b8","v1.9.5b9","v1.9.6","v1.9.6b1","v1.9.7","v1.9.7b1","v1.9.7b2","v1.9.7b3","v1.9.7b4","v1.9.8","v1.9.8b1","v1.9.8b2","v1.9.8b3","v1.9.8b4","v1.9.8b5","v1.9.8b6","v1.9.9","v1.9.9b1","v1.9.9b2","v2.0.0","v2.0.1","v2.0.2","v2.0.3","v2.0.4","v2.0.5","v2.0.6","v2.0.7","v2.0.8","v2.1.0","v2.1.1","v2.1.10","v2.1.11","v2.1.12","v2.1.2","v2.1.3","v2.1.4","v2.1.5","v2.1.6","v2.1.7","v2.1.8","v2.1.9","v2.10.0","v2.10.0b1","v2.10.1","v2.10.2","v2.10.3","v2.10.4","v2.10.5","v2.10.7","v2.10.8","v2.2.0","v2.2.1","v2.2.10","v2.2.11","v2.2.2","v2.2.3","v2.2.4","v2.2.5","v2.2.6","v2.2.7","v2.2.8","v2.2.9","v2.3.0","v2.3.1","v2.3.10","v2.3.11","v2.3.12","v2.3.13","v2.3.14","v2.
3.15","v2.3.16","v2.3.17","v2.3.18","v2.3.2","v2.3.3","v2.3.4","v2.3.5","v2.3.6","v2.3.7","v2.3.8","v2.3.9","v2.4.0","v2.5.0","v2.6.0","v2.6.1","v2.6.2","v2.6.3","v2.6.4","v2.6.5","v2.7.0","v2.7.1","v2.7.2","v2.7.3","v2.8.0","v2.8.1","v2.8.3","v2.9.0","v2.9.1","v2.9.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25962.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}