Shopware improper mail validation vulnerability

CVE-2023-34099

Affected version: >=5.1.4,<=5.7.17

Reported by:
GitHub

Shopware vulnerable to cross-site scripting (XSS)

CVE-2022-48150

Affected version: <=5.5.10

Reported by:
GitHub

Shopware contains sensitive data in backend customer module

CVE-2022-36101

Affected version: <=5.7.14

Reported by:
GitHub

Shopware access control list bypassed via crafted specific URLs

CVE-2022-36102

Affected version: <=5.7.14

Reported by:
GitHub

Authenticated Stored Cross-site Scripting in Shopware

CVE-2022-31057

Affected version: <5.7.12

Reported by:
GitHub

Shopware Cross-site Scripting Vulnerability

CVE-2019-12935

Affected version: <5.5.8

Reported by:
GitHub

Shopware XSS Vulnerability

CVE-2017-15374

Affected version: >=5.2.5,<=5.3

Reported by:
GitHub

Shopware SQL Injection

CVE-2018-20713

Affected version: <5.4.3

Reported by:
GitHub

Shopware XXE Vulnerability

CVE-2017-18357

Affected version: <5.3.4

Reported by:
GitHub

Multiple valid tokens for password reset in Shopware

CVE-2022-24892

Affected version: >=5.0.4,<5.7.9

Reported by:
GitHub

Malfunction of CSRF token validation in Shopware

CVE-2022-24879

Affected version: >=5.2.0,<5.7.9

Reported by:
GitHub

Reflected Cross-site Scripting in Shopware storefront

CVE-2022-24873

Affected version: <5.7.9

Reported by:
GitHub

Open redirect in shopware

CVE-2022-21651

Affected version: >=5.0.0,<5.7.7

Reported by:
GitHub

Authenticated Stored XSS in shopware/shopware

CVE-2021-41188

Affected version: <5.7.6

Reported by:
GitHub

Cross-site scripting

CVE-2021-32713

Affected version: <5.6.10

Reported by:
GitHub

Exposure of Sensitive Information to an Unauthorized Actor

CVE-2021-32712

Affected version: <5.6.10

Reported by:
GitHub

Persistent XSS in customer module in Shopware

Affected version: <5.6.9

Reported by:
GitHub

Non-Persistent XSS

Affected version: >=5.2.0,<5.3.0|>=5.3.0,<5.3.7

Reported by:
GitHub, FriendsOfPHP/security-advisories