admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-259xx/CVE-2021-25962.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

144 lines
4.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-25962",
"sourceIdentifier": "vulnerabilitylab@mend.io",
"published": "2021-09-29T14:15:08.070",
"lastModified": "2021-10-06T20:30:01.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\u201cShuup\u201d application in versions 0.4.2 to 2.10.8 is affected by the \u201cFormula Injection\u201d vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and opens it, the payload gets executed."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n \"Shuup\" en versiones 0.4.2 a 2.10.8, est\u00e1 afectada por una vulnerabilidad \"Formula Injection\". Un cliente puede inyectar cargas \u00fatiles en el campo name input en la direcci\u00f3n de facturaci\u00f3n mientras compra un producto. Cuando un administrador de la tienda accede a la p\u00e1gina de informes para exportar los datos como un archivo de Excel y lo abre, la carga \u00fatil es ejecutada\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "vulnerabilitylab@mend.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
]
},
{
"source": "vulnerabilitylab@mend.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:shuup:shuup:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.4.2",
"versionEndExcluding": "2.11.0",
"matchCriteriaId": "A567FB15-5A66-4FD9-A3FE-1C25B31CAA55"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/shuup/shuup/commit/0a2db392e8518410c282412561461cd8797eea51",
"source": "vulnerabilitylab@mend.io",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25962",
"source": "vulnerabilitylab@mend.io",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink