Cross-Site Scripting (XSS)

2021-06-2503:03:32

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

25.8%

JSON

shopware/shopware is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary Javascript in a user’s browser via administration.

CPENameOperatorVersion
shopware/shopwarele5.6.9

CPE	Name	Operator	Version
	shopware/shopware	le	5.6.9

References

docs.shopware.com/en/shopware-5-en/security-updates/security-update-05-2021

github.com/shopware/shopware/commit/a0850ffbc6f581a8eb8425cc2bf77a0715e21e12

github.com/shopware/shopware/security/advisories/GHSA-f6p7-8xfw-fjqq

0.001 Low

EPSS

Percentile

25.8%

JSON

Related for VERACODE:31057