Lucene search
Veracode Vulnerability DatabaseVERACODE:35326HistoryApr 29, 2022 - 6:44 a.m.
Cross-Site Scripting (XSS)
2022-04-2906:44:51
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
0.001 Low
EPSS
Percentile
38.3%
shopware/shopware is vulnerable to non-stored cross-site scripting. The vulnerability exists in storefront because the input parameters are not properly filtered which allows an attacker to inject and execute arbitrary scripts via url.
| CPE | Name | Operator | Version |
|---|---|---|---|
| shopware/shopware | le | v5.7.8 | |
| shopware/shopware | le | v5.7.8 |
References
docs.shopware.com/en/shopware-5-en/security-updates/security-update
docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022
github.com/advisories/GHSA-4g29-fccr-p59w
github.com/shopware/shopware/commit/ab452b91a7571030e7ed10ff867c76bb7d75dc83
github.com/shopware/shopware/security/advisories/GHSA-4g29-fccr-p59w
www.shopware.com/en/changelog-sw5/#5-7-9
Related
cve
cve
CVE-2022-24873
2022-04-28 14:15:07
osv
osv
Reflected Cross-site Scripting in Shopware storefront
2022-04-28 20:59:24
github
github
Reflected Cross-site Scripting in Shopware storefront
2022-04-28 20:59:24
cvelist
cvelist
CVE-2022-24873 Non-Stored Cross-site Scripting in Shopware storefront
2022-04-28 13:45:14
prion
prion
Cross site scripting
2022-04-28 14:15:00
nvd
nvd
CVE-2022-24873
2022-04-28 14:15:07