Shopware is an open headless commerce platform. In the Shopware CMS, the state handler for orders fails to sufficiently verify user authorizations for actions that modify the payment, delivery, and/or order status. Due to this inadequate implementation, users lacking 'write' permissions for orders ...
6.5CVSS
6.3AI Score
0.0005EPSS
Shopware is an open headless commerce platform. The implemented Flow Builder functionality in the Shopware application does not adequately validate the URL used when creating the βcall webhookβ action. This enables malicious users to perform web requests to internal hosts. This issue has been fixed...
8.1CVSS
8AI Score
0.001EPSS
Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 404 pages. So the cached Response which contains a Session Coo...
7.5CVSS
7.5AI Score
0.0004EPSS
Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Starting in version 6.3.5.0 and prior to versions 6.6.1.0 and 6.5.8.8, when a authenticated request is made to POST /store-api/account/logout, the cart will be cleared, but the User won't be logged out. This affects only th...
5.3CVSS
5.1AI Score
0.0004EPSS