10 matches found
Shopify: Information disclosure (Google Sales Channel)
In the review on apps.shopify.com the Google sales channel has a review of 5407, but the actual number of Shopify stores that use the Google channel I believe is more than that number, so I think this vulnerability can have an impact on many Shopify stores, and here I found a vulnerability where...
GHSA-9WRV-G75H-8CCC Improper Access Control in Shopware
Shopware 6 is an open commerce platform based on Symfony Framework and Vue and supported by a worldwide community and more than 1.500 community extensions. Permissions set to sales channel context by admin-api are still useable within normal user session. We recommend updating to the current...
Privilege Escalation
shopware/platform and shopware/core are vulnerable to privilege escalation. Lack of secure handling allows the permissions set by admin-api for sales channel context to be used within normal user sessions...
CVE-2022-24872
Shopware is an open commerce platform based on Symfony Framework and Vue. Permissions set to sales channel context by admin-api are still usable within normal user session. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security...
Design/Logic Flaw
Shopware is an open commerce platform based on Symfony Framework and Vue. Permissions set to sales channel context by admin-api are still usable within normal user session. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security...
CVE-2022-24872 Improper Access Control in shopware
Shopware is an open commerce platform based on Symfony Framework and Vue. Permissions set to sales channel context by admin-api are still usable within normal user session. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security...
Shopware Security Vulnerability
Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware, which stems from the fact that the admin-api privilege settings for the sales channel are still available in a normal user session...
Sap Crm Web Channel Information Disclosure Vulnerability
Sap Crm Web Channel is an e-commerce management system from SAP Germany. It is used to transform the Internet into profitable sales and provide customer satisfaction and convenience to business partners. An information disclosure vulnerability exists in SAP CRM Web Channel, which can be exploited...
Shopify: H1514 Stored XSS on Wholesale sales channel allows cross-organization data leakage
Summary: There exists a stored XSS vulnerability via the Wholesale sales channel at https://wholesale.shopifyapps.com. This allows an attacker who shares one shop with an account owner to access the Wholesale sales channel of any shop belonging to the owner. Steps To Reproduce: 1. Visit...
Shopify: Bypass Filter and get Stored Xss
Description: Shopify allows developers to create a special type of application called a "Sales Channel". Developers are allowed to upload a 16x16 SVG "Navigation Icon" for their app provided the SVG follows the design guidelines, which limit the allowed elements and attributes. For some reason whe...