Lucene search

GoogleOSV:GHSA-MJ9R-FPV3-RGFX

HistoryApr 21, 2023 - 3:30 p.m.

Shopware vulnerable to cross-site scripting (XSS)

2023-04-2115:30:18

Google

osv.dev

shopware

cross-site scripting

vulnerability

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

25.2%

JSON

Shopware v5.5.10 was discovered to contain a cross-site scripting (XSS) vulnerability.

CPENameOperatorVersion
shopware/shopwareeq5.2.0-RC2
shopware/shopwareeq4.3.7
shopware/shopwareeq5.0.2-RC1
shopware/shopwareeq5.2.16
shopware/shopwareeq5.5.0-RC1
shopware/shopwareeq5.5.6
shopware/shopwareeq5.1.2
shopware/shopwareeq5.2.11
shopware/shopwareeq4.2.0-rc.1
shopware/shopwareeq4.2.0

Name	Operator	Version
shopware/shopware	eq	5.2.0-RC2
shopware/shopware	eq	4.3.7
shopware/shopware	eq	5.0.2-RC1
shopware/shopware	eq	5.2.16
shopware/shopware	eq	5.5.0-RC1
shopware/shopware	eq	5.5.6
shopware/shopware	eq	5.1.2
shopware/shopware	eq	5.2.11
shopware/shopware	eq	4.2.0-rc.1
shopware/shopware	eq	4.2.0

Rows per page:

1-10 of 991

References

github.com/sahilop123/-CVE-2022-48150

github.com/shopware/shopware

nvd.nist.gov/vuln/detail/CVE-2022-48150

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

25.2%

JSON

Related for OSV:GHSA-MJ9R-FPV3-RGFX