Shopware Cross-site Scripting Vulnerability

2022-05-2422:00:09

Google

osv.dev

0.001 Low

EPSS

Percentile

47.3%

JSON

Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI.

CPENameOperatorVersion
shopware/shopwareeq5.2.26
shopware/shopwareeq5.2.4
shopware/shopwareeq5.1.2
shopware/shopwareeq5.2.14
shopware/shopwareeq5.0.3-RC1
shopware/shopwareeq5.4.0-RC1
shopware/shopwareeq5.0.0-BETA1
shopware/shopwareeq5.2.8
shopware/shopwareeq4.3.2
shopware/shopwareeq5.0.2

Name	Operator	Version
shopware/shopware	eq	5.2.26
shopware/shopware	eq	5.2.4
shopware/shopware	eq	5.1.2
shopware/shopware	eq	5.2.14
shopware/shopware	eq	5.0.3-RC1
shopware/shopware	eq	5.4.0-RC1
shopware/shopware	eq	5.0.0-BETA1
shopware/shopware	eq	5.2.8
shopware/shopware	eq	4.3.2
shopware/shopware	eq	5.0.2