Vulnerabilities > Shuup
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-30 | CVE-2021-25963 | Cross-site Scripting vulnerability in Shuup In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary javascript code on a victim browser. | 6.1 |
| 2021-09-29 | CVE-2021-25962 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Shuup “Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. | 8.8 |