14 matches found
EUVD-2020-30512
Malware in sbrugna...
EUVD-2022-1348
Malicious code in bioql PyPI...
Incorrect Authentication in shopware
Impact Modify Customers, create Orders without App Permission Patches We recommend updating to the current version 6.4.8.2. You can get the update to 6.4.8.2 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6 Workarounds For older...
CVE-2022-24745
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected b...
Design/Logic Flaw
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected b...
CVE-2022-24745 Guest session is shared between customers in shopware
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected b...
CVE-2022-24745 Guest session is shared between customers in shopware
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected b...
PT-2022-16850 · Shopware · Shopware
Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.4.8.2 Description: The issue arises from the improper setting of sensitive HTTP headers, making them cacheable. If an HTTP cache exists between the server and client, these headers may be exposed via HTTP caches...
CVE-2020-9741
The AEM forms add-on for versions 6.5.5.0 and below and 6.4.8.2 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they op...
CVE-2020-9741
The AEM forms add-on for versions 6.5.5.0 and below and 6.4.8.2 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they op...
CVE-2020-9732
The AEM Forms add-on for versions 6.5.5.0 and below and 6.4.8.2 and below are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when they...
Cross site scripting
The AEM forms add-on for versions 6.5.5.0 and below and 6.4.8.2 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they op...
CVE-2020-9732 Stored XSS in AEM Sites Components
The AEM Forms add-on for versions 6.5.5.0 and below and 6.4.8.2 and below are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when they...
CVE-2020-9732
CVE-2020-9732 affects Adobe Experience Manager (AEM) Forms add-on for versions 6.5.5.0 and earlier and 6.4.8.2 and earlier. Root cause is a stored XSS in fields for the Sites component, allowing an author to store malicious scripts that execute in a viewer’s browser when the vulnerable page is op...