shopware/shopware is vulnerable to persistent cross-site scripting. The vulnerability exists in the renderer function in preview.js because the email field is not properly escaped, which allows an attacker to inject and execute arbitrary JavaScript.
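The class of bug described above, as an added example (not code from Shopware or from this advisory): a hypothetical column renderer that builds markup from a stored email value, beside a version that HTML-encodes the value at output time. The function names, record shape and sample values are assumptions constructed for illustration.

```javascript
// Added example: hypothetical renderers, NOT Shopware's preview.js.

// The five characters that are significant in HTML text and in
// quoted attribute values.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// "Before": the stored email is concatenated into markup as-is, so
// whatever was saved in the field becomes part of the page.
function renderEmailUnsafe(record) {
  return '<a href="mailto:' + record.email + '">' + record.email + '</a>';
}

// "After": the value is encoded for the HTML context when it is rendered.
function renderEmailSafe(record) {
  const email = escapeHtml(record.email);
  return '<a href="mailto:' + email + '">' + email + '</a>';
}

// Regression check: true when the output holds anything other than the
// single <a href="mailto:...">...</a> element the renderer intends.
function introducesMarkup(html) {
  const tags = html.match(/<[^>]*>/g) || [];
  return tags.length !== 2 ||
    !/^<a href="mailto:[^"<>]*">$/.test(tags[0]) ||
    tags[1] !== '</a>';
}

// Constructed sample records: one ordinary address, one carrying markup.
const SAMPLES = [
  { email: 'customer@example.test' },
  { email: 'x"><b id=injected>@example.test' },
];

function audit(renderer) {
  return SAMPLES.map((record) => introducesMarkup(renderer(record)));
}

console.log('unsafe:', audit(renderEmailUnsafe)); // [ false, true ]
console.log('safe:  ', audit(renderEmailSafe));   // [ false, false ]
```

A check like `introducesMarkup` fits in a unit test that feeds each renderer a value containing markup characters and fails when a new element appears in the output.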
CPE

| Name | Operator | Version |
|---|---|---|
| shopware/shopware | le | v5.7.13 |
docs.shopware.com/en/shopware-5-en/security-updates/security-update-07-2022
github.com/advisories/GHSA-5834-xv5q-cgfw
github.com/shopware/shopware/commit/13e67baae3adc6c3e231c323104fa66b4f7d2e93
github.com/shopware/shopware/commit/7875855005648fba7b39371a70816afae2e07daf
github.com/shopware/shopware/security/advisories/GHSA-5834-xv5q-cgfw