Lucene search
Veracode Vulnerability DatabaseVERACODE:34594HistoryMar 10, 2022 - 5:06 a.m.
Cross-site Scripting (XSS)
2022-03-1005:06:19
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.001 Low
EPSS
Percentile
30.8%
shopware/core is vulnerable to cross-site scripting. The vulnerability exists because the promotion and product codes are not filtered properly which allows a malicious attacker to inject and execute arbitrary code.
References
docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2022
github.com/shopware/core/commit/40749a8f1c4d0281666cb91ee96207dd33c39fd8
github.com/shopware/platform/commit/651598a61073cbe59368e311817bdc6e7fb349c6
github.com/shopware/platform/security/advisories/GHSA-952p-fqcp-g8pc
github.com/shopware/storefront/commit/55a974e3bb18280e4e2cc2d4e29e860d346e4f27
Related
nvd
nvd
CVE-2022-24746
2022-03-09 23:15:08
osv
osv
CVE-2022-24746
2022-03-09 23:15:08
HTML injection possibility in voucher code form in Shopware
2022-03-10 17:49:26
cvelist
cvelist
CVE-2022-24746 HTML injection possibility in voucher code form
2022-03-09 22:25:23
cnvd
cnvd
Shopware Cross-Site Scripting Vulnerability (CNVD-2022-18526)
2022-03-11 00:00:00
prion
prion
Code injection
2022-03-09 23:15:00
cve
cve
CVE-2022-24746
2022-03-09 23:15:08
github
github
HTML injection possibility in voucher code form in Shopware
2022-03-10 17:49:26