shopware/shopware is vulnerable to stored cross-site scripting. The vulnerability exists in the onRouteShutdown
function in Bootstrap.php
because the input parameters are not properly filtered which allows an attacker to inject and execute arbitrary scripts.
CPE | Name | Operator | Version |
---|---|---|---|
shopware/shopware | le | v5.7.11 | |
shopware/shopware | le | v5.7.11 |
docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2022
github.com/advisories/GHSA-q754-vwc4-p6qj
github.com/shopware/shopware/commit/3e025a0a3e123f4108082645b1ced6fb548f7b6f
github.com/shopware/shopware/security/advisories/GHSA-q754-vwc4-p6qj
packagist.org/packages/shopware/shopware
www.shopware.com/de/changelog-sw5/#5-7-12