[MEDIUM] Shopware improper mail validation vulnerability

PKSA-d7p2-r2dc-fk8q CVE-2023-34099 GHSA-gh66-fp7j-98v5

Affected version: >=5.1.4,<=5.7.17

Reported by:
GitHub

[MEDIUM] Shopware dependency configuration exposed

PKSA-w5gn-7nnv-hgff CVE-2023-34098 GHSA-q97c-2mh3-pgw9

Affected version: >=5.6.0,<=5.7.17

Reported by:
GitHub

[MEDIUM] Shopware contains sensitive data in backend customer module

PKSA-81h5-g5kv-7ncc CVE-2022-36101 GHSA-6vfq-jmxg-g58r

Affected version: <=5.7.14

Reported by:
GitHub

[MEDIUM] Shopware access control list bypassed via crafted specific URLs

PKSA-znm8-j44y-tzqy CVE-2022-36102 GHSA-qc43-pgwq-3q2q

Affected version: <=5.7.14

Reported by:
GitHub

[MEDIUM] Authenticated Stored Cross-site Scripting in Shopware

PKSA-1xwt-7nrv-sd1t CVE-2022-31057 GHSA-q754-vwc4-p6qj

Affected version: <5.7.12

Reported by:
GitHub

[HIGH] Shopware database password is leaked to an unauthenticated users

PKSA-9ghf-ccy2-rddt CVE-2020-13997 GHSA-r4ph-mx67-x58p

Affected version: <6.2.3

Reported by:
GitHub

[MEDIUM] Multiple valid tokens for password reset in Shopware

PKSA-kj6m-y9zg-sf82 CVE-2022-24892 GHSA-3qrq-r688-vvh4

Affected version: >=5.0.4,<5.7.9

Reported by:
GitHub

[HIGH] Malfunction of CSRF token validation in Shopware

PKSA-kq7q-4yx4-t8zt CVE-2022-24879 GHSA-pf38-v6qj-j23h

Affected version: >=5.2.0,<5.7.9

Reported by:
GitHub

[MEDIUM] Reflected Cross-site Scripting in Shopware storefront

PKSA-r9sd-kykr-vv4q CVE-2022-24873 GHSA-4g29-fccr-p59w

Affected version: <5.7.9

Reported by:
GitHub

[MEDIUM] Open redirect in shopware

PKSA-dcfk-njqq-dgc1 CVE-2022-21651 GHSA-c53v-qmrx-93hg

Affected version: >=5.0.0,<5.7.7

Reported by:
GitHub

[MEDIUM] Authenticated Stored XSS in shopware/shopware

PKSA-nzjx-5hsd-2k7q CVE-2021-41188 GHSA-4p3x-8qw9-24w9

Affected version: <5.7.6

Reported by:
GitHub