Page 7 of 47 results (0.025 seconds)

CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0

Shopware is open source e-commerce software. Versions prior to 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the security plugin or adding a particular following config to the `.htaccess` file will protect against cross-site scripting in this case. • https://docs.shopware.com/en/shopware-5-en/sicherheitsupdates/security-update-10-2021 https://github.com/shopware/shopware/commit/37213e91d525c95df262712cba80d1497e395a58 https://github.com/shopware/shopware/releases/tag/v5.7.6 https://github.com/shopware/shopware/security/advisories/GHSA-4p3x-8qw9-24w9 https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0

Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a Cross-Site Scripting vulnerability via SVG media files. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. Shopware es una plataforma de comercio electrónico de código abierto. • https://github.com/shopware/platform/commit/abe9f69e1f667800f974acccd3047b4930e4b423 https://github.com/shopware/platform/security/advisories/GHSA-fc38-mxwr-pfhx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. Shopware es una plataforma de comercio electrónico de código abierto. • https://github.com/shopware/platform/commit/a9f52abb6eb503654c492b6b2076f8d924831fec https://github.com/shopware/platform/security/advisories/GHSA-54gp-qff8-946c • CWE-532: Insertion of Sensitive Information into Log File CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommend to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview. Shopware es una plataforma de comercio electrónico de código abierto. • https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-05-2021 https://github.com/shopware/shopware/commit/dcb24eb5ec757c991b5a4e2ddced379e5820744d https://github.com/shopware/shopware/security/advisories/GHSA-9vxv-wpv4-f52p • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

Shopware is an open source eCommerce platform. Versions prior to 5.6.10 suffer from an authenticated stored XSS in administration vulnerability. Users are recommend to update to the version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview. Shopware es una plataforma de comercio electrónico de código abierto. • https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-05-2021 https://github.com/shopware/shopware/commit/a0850ffbc6f581a8eb8425cc2bf77a0715e21e12 https://github.com/shopware/shopware/security/advisories/GHSA-f6p7-8xfw-fjqq • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •