Page 4 of 54 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Shopware is an open source commerce platform based on Symfony Framework and Vue js. The newsletter double opt-in validation was not checked properly, and it was possible to skip the complete double opt in process. As a result operators may have inconsistencies in their newsletter systems. This problem has been fixed with version 6.4.18.1. Users are advised to upgrade. • https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates https://github.com/shopware/platform/commit/f5a95ee2bcf1e546878450963ef1d9886e59a620 https://github.com/shopware/platform/security/advisories/GHSA-46h7-vj7x-fxg2 • CWE-20: Improper Input Validation •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

Shopware is an open source e-commerce software. In affected versions if backend admin controllers are called with a certain notation, the ACL could be bypassed. Users could execute actions, which they are normally not able to do. Users are advised to update to the current version (5.7.15). Users can get the update via the Auto-Updater or directly via the download overview. • https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-09-2022 https://github.com/shopware/shopware/commit/de92d3a78279119a5bbe203054f8fa1d25126af6 https://github.com/shopware/shopware/security/advisories/GHSA-qc43-pgwq-3q2q https://packagist.org/packages/shopware/shopware • CWE-281: Improper Preservation of Permissions •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Shopware is an open source e-commerce software. In affected versions the request for the customer detail view in the backend administration contained sensitive data like the hashed password and the session ID. These fields are now explicitly unset in version 5.7.15. Users are advised to update and may get the update either via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue. • https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-09-2022 https://github.com/shopware/shopware/commit/af5cdbc81d60f21b728e1433aeb8837f25938d2a https://github.com/shopware/shopware/security/advisories/GHSA-6vfq-jmxg-g58r https://packagist.org/packages/shopware/shopware • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Shopware is an open source e-commerce software. In versions from 5.7.0 a persistent cross site scripting (XSS) vulnerability exists in the customer module. Users are recommend to update to the current version 5.7.14. You can get the update to 5.7.14 regularly via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue. • https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-07-2022 https://github.com/shopware/shopware/commit/7875855005648fba7b39371a70816afae2e07daf https://github.com/shopware/shopware/security/advisories/GHSA-5834-xv5q-cgfw • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Shopware is an open source e-commerce software made in Germany. Versions of Shopware 5 prior to version 5.7.12 are subject to an authenticated Stored XSS in Administration. Users are advised to upgrade. There are no known workarounds for this issue. Shopware es un software de comercio electrónico de código abierto fabricado en Alemania. • https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2022 https://github.com/shopware/shopware/commit/3e025a0a3e123f4108082645b1ced6fb548f7b6f https://github.com/shopware/shopware/security/advisories/GHSA-q754-vwc4-p6qj https://packagist.org/packages/shopware/shopware • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •