shopware/shopware is vulnerable to non-stored cross-site scripting. The vulnerability exists in storefront because the input parameters are not properly filtered which allows an attacker to inject and execute arbitrary scripts via url.
CPE | Name | Operator | Version |
---|---|---|---|
shopware/shopware | le | v5.7.8 | |
shopware/shopware | le | v5.7.8 |
docs.shopware.com/en/shopware-5-en/security-updates/security-update
docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022
github.com/advisories/GHSA-4g29-fccr-p59w
github.com/shopware/shopware/commit/ab452b91a7571030e7ed10ff867c76bb7d75dc83
github.com/shopware/shopware/security/advisories/GHSA-4g29-fccr-p59w
www.shopware.com/en/changelog-sw5/#5-7-9