CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32712 – Information leakage in Error Handler
https://notcve.org/view.php?id=CVE-2021-32712
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommend to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview. Shopware es una plataforma de comercio electrónico de código abierto. • https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-05-2021 https://github.com/shopware/shopware/commit/dcb24eb5ec757c991b5a4e2ddced379e5820744d https://github.com/shopware/shopware/security/advisories/GHSA-9vxv-wpv4-f52p • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32713 – Authenticated Stored XSS
https://notcve.org/view.php?id=CVE-2021-32713
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 suffer from an authenticated stored XSS in administration vulnerability. Users are recommend to update to the version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview. Shopware es una plataforma de comercio electrónico de código abierto. • https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-05-2021 https://github.com/shopware/shopware/commit/a0850ffbc6f581a8eb8425cc2bf77a0715e21e12 https://github.com/shopware/shopware/security/advisories/GHSA-f6p7-8xfw-fjqq • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32711 – Leak of information via Store-API
https://notcve.org/view.php?id=CVE-2021-32711
Shopware is an open source eCommerce platform. Versions prior to 6.3.5.1 may leak of information via Store-API. The vulnerability could only be fixed by changing the API system, which involves a non-backward-compatible change. Only consumers of the Store-API should be affected by this change. We recommend to update to the current version 6.3.5.1. • https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2021 https://github.com/shopware/platform/commit/157fb84a8b3b4ace4be165a033d559826704829b https://github.com/shopware/platform/security/advisories/GHSA-f2vv-h5x4-57gr • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32710 – Potential Session Hijacking in Shopware
https://notcve.org/view.php?id=CVE-2021-32710
Shopware is an open source eCommerce platform. Potential session hijacking of store customers in versions below 6.3.5.2. We recommend to update to the current version 6.3.5.2. You can get the update to 6.3.5.2 regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1 and 6.2, corresponding security measures are also available via a plugin. • https://github.com/shopware/platform/commit/010c0154bea57c1fca73277c7431d029db7a972e https://github.com/shopware/platform/security/advisories/GHSA-h9q8-5gv2-v6mg • CWE-384: Session Fixation •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32709 – Creation of order credits was not validated by acl in admin orders
https://notcve.org/view.php?id=CVE-2021-32709
Shopware is an open source eCommerce platform. Creation of order credits was not validated by ACL in admin orders. Users are recommend to update to the current version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. • https://github.com/shopware/platform/security/advisories/GHSA-g7w8-pp9w-7p32 • CWE-306: Missing Authentication for Critical Function •