
7 matches found

RedhatCVE
added 2025/12/12 1:06 a.m. | 1 view

CVE-2025-67648

Shopware is an open commerce platform. Versions 6.4.6.0 through 6.6.10.9 and 6.7.0.0 through 6.7.5.0 have a Reflected XSS vulnerability in AuthController.php. A request parameter from the login page URL is directly rendered within the Twig template of the Storefront login page without further...

CVSS 7.1 | AI score 6.8 | EPSS 0.00024
Exploits: 0 | References: 1
NVD
added 2025/12/11 12:16 a.m. | 1 view

CVE-2025-67648

Shopware is an open commerce platform. Versions 6.4.6.0 through 6.6.10.9 and 6.7.0.0 through 6.7.5.0 have a Reflected XSS vulnerability in AuthController.php. A request parameter from the login page URL is directly rendered within the Twig template of the Storefront login page without further...

CVSS 7.1 | EPSS 0.00024
Exploits: 0 | References: 2
OSV
added 2025/12/10 11:55 p.m. | 1 view

CVE-2025-67648 Shopware's improper input validation can lead to Reflected XSS through Storefront Login Page

Shopware is an open commerce platform. Versions 6.4.6.0 through 6.6.10.9 and 6.7.0.0 through 6.7.5.0 have a Reflected XSS vulnerability in AuthController.php. A request parameter from the login page URL is directly rendered within the Twig template of the Storefront login page without further...

CVSS 7.1 | AI score 6.8 | EPSS 0.00024
Exploits: 0 | References: 4
CVE
added 2025/12/10 11:55 p.m. | 10 views

CVE-2025-67648

Shopware’s CVE-2025-67648 describes a reflected XSS vulnerability in the Storefront login page. The issue arises from AuthController.php rendering a login URL parameter (waitTime) directly into the Twig template without validation, enabling injection of arbitrary script via the login URL. Affecte...

CVSS 7.1 | AI score 6.4 | EPSS 0.00024
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2025/12/10 11:55 p.m. | 1 view

CVE-2025-67648 Shopware's improper input validation can lead to Reflected XSS through Storefront Login Page

Shopware is an open commerce platform. Versions 6.4.6.0 through 6.6.10.9 and 6.7.0.0 through 6.7.5.0 have a Reflected XSS vulnerability in AuthController.php. A request parameter from the login page URL is directly rendered within the Twig template of the Storefront login page without further...

CVSS 7.1 | AI score 6.2 | EPSS 0.00024
Exploits: 0 | References: 2
Snyk
added 2025/12/09 5:24 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: shopware/storefront is a storefront for Shopware. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the waitTime or errorSnippet parameters in the login page, which are rendered directly in the template without input validation. An attacker can execute...

CVSS 7.1 | AI score 5.4 | EPSS 0.00024
Exploits: 0 | References: 2
Github Security Blog
added 2025/12/09 5:24 p.m. | 3 views

Shopware Storefront Reflected XSS in Storefront Login Page

Impact: By exploiting the XSS vulnerabilities, malicious actors can perform harmful actions in the user's web browser in the session context of the affected user. Some examples of this include, but are not limited to: Obtaining user session tokens. Performing administrative actions when an...

CVSS 7.1 | AI score 6.6 | EPSS 0.00024
Exploits: 0 | References: 4 | Affected Software: 2