shopware/shopware Security Advisories for v5.2.0-RC3 (23)
-
[CRITICAL] Shopware Remote Code Execution Vulnerability
PKSA-v2s5-9hqh-brt4 GHSA-83jv-4prm-34g7
Affected version: >=4.2.0,<5.2.25
Reported by:
GitHub -
[MEDIUM] Shopware Non-Persistent XSS in the Frontend
PKSA-rz5w-w2yq-kc8p GHSA-jqr7-5h7r-ch8p
Affected version: >=5.2.0,<5.3.7
Reported by:
GitHub -
[CRITICAL] Shopware Remote Code Execution Vulnerability
PKSA-ntzq-vwcx-ykw1 GHSA-q3g4-2vw9-xv27
Affected version: <1.0.8|>=4.0.0,<5.2.15
Reported by:
GitHub -
[MEDIUM] Shopware improper mail validation vulnerability
PKSA-d7p2-r2dc-fk8q CVE-2023-34099 GHSA-gh66-fp7j-98v5
Affected version: >=5.1.4,<=5.7.17
Reported by:
GitHub -
[MEDIUM] Shopware vulnerable to cross-site scripting (XSS)
PKSA-fr5t-5c3w-jydj CVE-2022-48150 GHSA-mj9r-fpv3-rgfx
Affected version: <=5.5.10
Reported by:
GitHub -
[MEDIUM] Shopware contains sensitive data in backend customer module
PKSA-81h5-g5kv-7ncc CVE-2022-36101 GHSA-6vfq-jmxg-g58r
Affected version: <=5.7.14
Reported by:
GitHub -
[MEDIUM] Shopware access control list bypassed via crafted specific URLs
PKSA-znm8-j44y-tzqy CVE-2022-36102 GHSA-qc43-pgwq-3q2q
Affected version: <=5.7.14
Reported by:
GitHub -
[MEDIUM] Authenticated Stored Cross-site Scripting in Shopware
PKSA-1xwt-7nrv-sd1t CVE-2022-31057 GHSA-q754-vwc4-p6qj
Affected version: <5.7.12
Reported by:
GitHub -
[MEDIUM] Shopware Cross-site Scripting Vulnerability
PKSA-hryr-3s7v-3nzn CVE-2019-12935 GHSA-8qxh-hcr9-2379
Affected version: <5.5.8
Reported by:
GitHub -
[HIGH] Shopware SQL Injection
PKSA-mym1-8snp-5854 CVE-2018-20713 GHSA-42gv-77f4-r3j9
Affected version: <5.4.3
Reported by:
GitHub -
[MEDIUM] Shopware XXE Vulnerability
PKSA-j3t1-qhmn-hrd4 CVE-2017-18357 GHSA-6m27-7cqj-2mxw
Affected version: <5.3.4
Reported by:
GitHub -
[MEDIUM] Multiple valid tokens for password reset in Shopware
PKSA-kj6m-y9zg-sf82 CVE-2022-24892 GHSA-3qrq-r688-vvh4
Affected version: >=5.0.4,<5.7.9
Reported by:
GitHub -
[HIGH] Malfunction of CSRF token validation in Shopware
PKSA-kq7q-4yx4-t8zt CVE-2022-24879 GHSA-pf38-v6qj-j23h
Affected version: >=5.2.0,<5.7.9
Reported by:
GitHub -
[MEDIUM] Reflected Cross-site Scripting in Shopware storefront
PKSA-r9sd-kykr-vv4q CVE-2022-24873 GHSA-4g29-fccr-p59w
Affected version: <5.7.9
Reported by:
GitHub -
[MEDIUM] Open redirect in shopware
PKSA-dcfk-njqq-dgc1 CVE-2022-21651 GHSA-c53v-qmrx-93hg
Affected version: >=5.0.0,<5.7.7
Reported by:
GitHub -
[MEDIUM] Authenticated Stored XSS in shopware/shopware
PKSA-nzjx-5hsd-2k7q CVE-2021-41188 GHSA-4p3x-8qw9-24w9
Affected version: <5.7.6
Reported by:
GitHub -
[MEDIUM] Cross-site scripting
PKSA-yc9g-8mw5-1skb CVE-2021-32713 GHSA-7vmw-7x57-q6jw
Affected version: <5.6.10
Reported by:
GitHub -
[MEDIUM] Exposure of Sensitive Information to an Unauthorized Actor
PKSA-y1sh-szk7-vxh4 CVE-2021-32712 GHSA-qwpp-fgrj-h78q
Affected version: <5.6.10
Reported by:
GitHub -
[LOW] Persistent XSS in customer module in Shopware
PKSA-dxn1-x964-s3tk GHSA-6gv9-7q4g-pmvm
Affected version: <5.6.9
Reported by:
GitHub -
[MEDIUM] Non-Persistent XSS
PKSA-nx3v-6wzc-5k1d GHSA-9vxv-wpv4-f52p
Affected version: >=5.2.0,<5.3.0|>=5.3.0,<5.3.7
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[LOW] Remote Code Execution Vulnerability
PKSA-pshr-xjbx-jhw6 GHSA-28fw-88hq-6jmm
Affected version: >=4.2.0,<4.3.0|>=4.3.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.2.25
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Remote Code Execution Vulnerability
PKSA-cbt4-wj1h-x6nk GHSA-f6p7-8xfw-fjqq
Affected version: >=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.2.16
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[LOW] Remote Code Execution Vulnerability
PKSA-hdvn-86gg-45cw GHSA-hrfh-fp4x-crrq
Affected version: >=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.2.15
Reported by:
GitHub, FriendsOfPHP/security-advisories