Lucene search
Veracode Vulnerability DatabaseVERACODE:36089HistoryJun 23, 2022 - 4:18 a.m.
Cross-site Scripting (XSS)
2022-06-2304:18:02
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.001 Low
EPSS
Percentile
33.6%
shopware/shopware is vulnerable to stored cross-site scripting. The vulnerability exists in the onRouteShutdown function in Bootstrap.php because the input parameters are not properly filtered which allows an attacker to inject and execute arbitrary scripts.
| CPE | Name | Operator | Version |
|---|---|---|---|
| shopware/shopware | le | v5.7.11 | |
| shopware/shopware | le | v5.7.11 |
References
docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2022
github.com/advisories/GHSA-q754-vwc4-p6qj
github.com/shopware/shopware/commit/3e025a0a3e123f4108082645b1ced6fb548f7b6f
github.com/shopware/shopware/security/advisories/GHSA-q754-vwc4-p6qj
packagist.org/packages/shopware/shopware
www.shopware.com/de/changelog-sw5/#5-7-12
Related
nvd
nvd
CVE-2022-31057
2022-06-27 20:15:08
cvelist
cvelist
CVE-2022-31057 Authenticated Stored XSS in Shopware Administration
2022-06-27 19:30:26
cve
cve
CVE-2022-31057
2022-06-27 20:15:08
osv
osv
Authenticated Stored Cross-site Scripting in Shopware
2022-06-22 17:53:34
cnvd
cnvd
Shopware Cross-Site Scripting Vulnerability (CNVD-2022-58390)
2022-06-30 00:00:00
github
github
Authenticated Stored Cross-site Scripting in Shopware
2022-06-22 17:53:34
prion
prion
Cross site scripting
2022-06-27 20:15:00