Page 7 of 54 results (0.014 seconds)

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

Shopware is an open source e-commerce software platform. In affected versions shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation was adjusted, so that sessions created prior to the latest password change of a customer account can't be used to login with said account. This also means, that upon a password change, all existing sessions for a given customer account are automatically considered invalid. There is no workaround for this issue. • https://docs.shopware.com/en/shopware-5-en/securityupdates/security-update-01-2022 https://github.com/shopware/shopware/commit/47ebd126a94f4b019b6fde64c0df3d18d74ef7d0 https://github.com/shopware/shopware/security/advisories/GHSA-p523-jrph-qjc6 • CWE-613: Insufficient Session Expiration •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrary redirected due to incomplete URL handling in the shopware router. This issue has been resolved in version 5.7.7. There is no workaround and users are advised to upgrade as soon as possible. • https://docs.shopware.com/en/shopware-5-en/securityupdates/security-update-01-2022 https://github.com/shopware/shopware/commit/a90046c765c57a46c4399dce17bd174253c32886 https://github.com/shopware/shopware/security/advisories/GHSA-c53v-qmrx-93hg • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0

Shopware is open source e-commerce software. Versions prior to 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the security plugin or adding a particular following config to the `.htaccess` file will protect against cross-site scripting in this case. • https://docs.shopware.com/en/shopware-5-en/sicherheitsupdates/security-update-10-2021 https://github.com/shopware/shopware/commit/37213e91d525c95df262712cba80d1497e395a58 https://github.com/shopware/shopware/releases/tag/v5.7.6 https://github.com/shopware/shopware/security/advisories/GHSA-4p3x-8qw9-24w9 https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. Las versiones anteriores a la 6.4.3.1 contienen una vulnerabilidad de tipo server-side request forgery autenticado en la carga de archivos por medio de URL. La versión 6.4.3.1 contiene un parche. • https://github.com/shopware/platform/commit/b9f330e652b743dd2374c02bbe68f28b59a3f502 https://github.com/shopware/platform/security/advisories/GHSA-gcvv-gq92-x94r • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0

Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a Cross-Site Scripting vulnerability via SVG media files. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. Shopware es una plataforma de comercio electrónico de código abierto. • https://github.com/shopware/platform/commit/abe9f69e1f667800f974acccd3047b4930e4b423 https://github.com/shopware/platform/security/advisories/GHSA-fc38-mxwr-pfhx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •