2 matches found
CVE-2019-12935
Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI...
CVE-2019-12935
Shopware prior to 5.5.8 is affected by a reflected XSS via unsanitized query parameters in the backend/Login or backend/Login/load/ URIs. The issue lets an attacker craft a URL that, when visited by a user, executes arbitrary script in the victim’s browser. Affected component is the login backend...