Security Advisories - shopware/shopware

shopware/shopware Security Advisories for v5.5.6 (15)

Shopware improper mail validation vulnerability

CVE-2023-34099

Affected version: >=5.1.4,<=5.7.17

Reported by:
GitHub
Shopware vulnerable to cross-site scripting (XSS)

CVE-2022-48150

Affected version: <=5.5.10

Reported by:
GitHub
Shopware contains sensitive data in backend customer module

CVE-2022-36101

Affected version: <=5.7.14

Reported by:
GitHub
Shopware access control list bypassed via crafted specific URLs

CVE-2022-36102

Affected version: <=5.7.14

Reported by:
GitHub
Authenticated Stored Cross-site Scripting in Shopware

CVE-2022-31057

Affected version: <5.7.12

Reported by:
GitHub
Shopware Cross-site Scripting Vulnerability

CVE-2019-12935

Affected version: <5.5.8

Reported by:
GitHub
Shopware Insecure Deserialization Vulnerability

CVE-2019-12799

Affected version: >=5.3.0,<=5.6.0

Reported by:
GitHub
Multiple valid tokens for password reset in Shopware

CVE-2022-24892

Affected version: >=5.0.4,<5.7.9

Reported by:
GitHub
Malfunction of CSRF token validation in Shopware

CVE-2022-24879

Affected version: >=5.2.0,<5.7.9

Reported by:
GitHub
Reflected Cross-site Scripting in Shopware storefront

CVE-2022-24873

Affected version: <5.7.9

Reported by:
GitHub
Open redirect in shopware

CVE-2022-21651

Affected version: >=5.0.0,<5.7.7

Reported by:
GitHub
Authenticated Stored XSS in shopware/shopware

CVE-2021-41188

Affected version: <5.7.6

Reported by:
GitHub
Cross-site scripting

CVE-2021-32713

Affected version: <5.6.10

Reported by:
GitHub
Exposure of Sensitive Information to an Unauthorized Actor

CVE-2021-32712

Affected version: <5.6.10

Reported by:
GitHub
Persistent XSS in customer module in Shopware

Affected version: <5.6.9

Reported by:
GitHub