Shopware Non-Persistent XSS in the Frontend

2024-05-2120:42:46

Google

osv.dev

shopware

ecommerce

cross-site scripting

5.9 Medium

AI Score

Confidence

High

JSON

A non-persistent Cross-Site Scripting (XSS) vulnerability has been identified in the Shopware eCommerce platform within the frontend. This vulnerability may allow an attacker to inject and execute malicious scripts in the context of a victim’s web browser.

CPENameOperatorVersion
shopware/shopwareeq5.2.27
shopware/shopwareeq5.2.24
shopware/shopwareeq5.3.5
shopware/shopwareeq5.2.18
shopware/shopwareeq5.2.20
shopware/shopwareeq5.2.16
shopware/shopwareeq5.2.15
shopware/shopwareeq5.2.4
shopware/shopwareeq5.2.0
shopware/shopwareeq5.3.4

Name	Operator	Version
shopware/shopware	eq	5.2.27
shopware/shopware	eq	5.2.24
shopware/shopware	eq	5.3.5
shopware/shopware	eq	5.2.18
shopware/shopware	eq	5.2.20
shopware/shopware	eq	5.2.16
shopware/shopware	eq	5.2.15
shopware/shopware	eq	5.2.4
shopware/shopware	eq	5.2.0
shopware/shopware	eq	5.3.4

Rows per page:

1-10 of 321

References

community.shopware.com/_detail_2048.html

docs.shopware.com/en/shopware-5-en/security-updates/security-update-01-2018?category=shopware-5-en/security-updates

github.com/FriendsOfPHP/security-advisories/blob/master/shopware/shopware/2018-01-22.yaml

github.com/shopware5/shopware

github.com/shopware5/shopware/commit/54461aa651566dc2701b873fe6bd94589604751b

5.9 Medium

AI Score

Confidence

High

JSON