WhiteSource Vulnerability Database
What is a CVE vulnerability ID? What is a WS vulnerability ID?New vulnerability? Tell us about it!
We found results for “”
Date: September 30, 2021
DetailsThe “Shuup” application is affected by the “Reflected XSS” vulnerability on an error page. An attacker makes a csrf request and updates the victim's email account registered with the account to the attacker's email by sending a malicious link which leads to account takeover.
PoC DetailsAs the victim user, click on the malicious URL and the malicious payload will be executed.
Affected EnvironmentsPyPI Version Range: 1.6.0 through 2.10.8; Github Version Range: shoop/v2.0.0 through v2.10.8
PreventionUpdate to Shuup version 2.11.0
Good to know:
|Attack Vector (AV):||Network|
|Attack Complexity (AC):||Low|
|Privilegs Required (PR):||None|
|User Interaction (UI):||Required|
|Access Vector (AV):||Network|
|Access Complexity (AC):||Medium|