shuup@2.5.0 vulnerabilities

E-Commerce Platform

Known vulnerabilities in the shuup package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M CSV Injection Affected versions of this package are vulnerable to CSV Injection. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and opens it, the payload gets executed. How to fix CSV Injection? Upgrade `shuup` to version 2.11.0 or higher.	[,2.11.0)
M Cross-site Scripting (XSS) Affected versions of this package are vulnerable to Cross-site Scripting (XSS). This is due to views returning unescaped content. How to fix Cross-site Scripting (XSS)? Upgrade `shuup` to version 2.11.0 or higher.	[1.6.0,2.11.0)