CVE-2021-25963 MEDIUM

CVE-2021-25963: Shuup - Reflected XSS in Error Page

Vendor Shuup
Product shuup
Weakness CWE-79 · XSS
Published September 30, 2021
Last update April 30, 2025

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary JavaScript code in a victim's browser. This vulnerability exists because the error page contents are not escaped.

Key dates

02 Disclosure timeline

September 30, 2021 CVE published
April 30, 2025 Record updated