Page 4 of 39 results (0.018 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Shopware is an open source e-commerce software made in Germany. Versions of Shopware 5 prior to version 5.7.12 are subject to an authenticated Stored XSS in Administration. Users are advised to upgrade. There are no known workarounds for this issue. Shopware es un software de comercio electrónico de código abierto fabricado en Alemania. • https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2022 https://github.com/shopware/shopware/commit/3e025a0a3e123f4108082645b1ced6fb548f7b6f https://github.com/shopware/shopware/security/advisories/GHSA-q754-vwc4-p6qj https://packagist.org/packages/shopware/shopware • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim's account if they somehow gain access to the victims email account and find an unused password reset token in the emails. This issue is fixed in version 5.7.9. • https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022 https://github.com/shopware/shopware/security/advisories/GHSA-3qrq-r688-vvh4 https://www.shopware.com/en/changelog-sw5/#5-7-9 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin. • https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022 https://github.com/shopware/shopware/security/advisories/GHSA-pf38-v6qj-j23h https://www.shopware.com/en/changelog-sw5/#5-7-9 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin. Shopware es una plataforma de software de comercio electrónico de código abierto. • https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022 https://github.com/shopware/shopware/security/advisories/GHSA-4g29-fccr-p59w https://www.shopware.com/en/changelog-sw5/#5-7-9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

Shopware is an open commerce platform based on Symfony Framework and Vue. Permissions set to sales channel context by admin-api are still usable within normal user session. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. There are no known workarounds for this issue. • https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022 https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c https://github.com/shopware/platform/security/advisories/GHSA-9wrv-g75h-8ccc • CWE-732: Incorrect Permission Assignment for Critical Resource •