Lucene search
Veracode Vulnerability DatabaseVERACODE:36521HistoryJul 28, 2022 - 5:02 a.m.
Cross-Site Scripting (XSS)
2022-07-2805:02:15
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
0.001 Low
EPSS
Percentile
25.8%
shopware/shopware is vulnerable to persistent cross-site scripting. The vulnerability exists in renderer function in preview.js because the email field is not properly escaped which allows an attacker to inject and execute arbitrary javascript.
| CPE | Name | Operator | Version |
|---|---|---|---|
| shopware/shopware | le | v5.7.13 | |
| shopware/shopware | le | v5.7.13 |
References
docs.shopware.com/en/shopware-5-en/security-updates/security-update-07-2022
github.com/advisories/GHSA-5834-xv5q-cgfw
github.com/shopware/shopware/commit/13e67baae3adc6c3e231c323104fa66b4f7d2e93
github.com/shopware/shopware/commit/7875855005648fba7b39371a70816afae2e07daf
github.com/shopware/shopware/security/advisories/GHSA-5834-xv5q-cgfw
Related
osv
osv
prion
prion
Cross site scripting
2022-08-01 17:15:00
cvelist
cvelist
cve
cve
CVE-2022-31148
2022-08-01 17:15:08
cnvd
cnvd
Shopware Cross-Site Scripting Vulnerability (CNVD-2022-56128)
2022-08-04 00:00:00
github
github
nvd
nvd
CVE-2022-31148
2022-08-01 17:15:08