Security Advisories - shopware/shopware

shopware/shopware Security Advisories for 4.2.0 (16)

[MEDIUM] Shopware vulnerable to cross-site scripting (XSS)

PKSA-fr5t-5c3w-jydj CVE-2022-48150 GHSA-mj9r-fpv3-rgfx

Affected version: <=5.5.10

Reported by:
GitHub
[MEDIUM] Shopware contains sensitive data in backend customer module

PKSA-81h5-g5kv-7ncc CVE-2022-36101 GHSA-6vfq-jmxg-g58r

Affected version: <=5.7.14

Reported by:
GitHub
[MEDIUM] Shopware access control list bypassed via crafted specific URLs

PKSA-znm8-j44y-tzqy CVE-2022-36102 GHSA-qc43-pgwq-3q2q

Affected version: <=5.7.14

Reported by:
GitHub
[MEDIUM] Authenticated Stored Cross-site Scripting in Shopware

PKSA-1xwt-7nrv-sd1t CVE-2022-31057 GHSA-q754-vwc4-p6qj

Affected version: <5.7.12

Reported by:
GitHub
[MEDIUM] Shopware Cross-site Scripting Vulnerability

PKSA-hryr-3s7v-3nzn CVE-2019-12935 GHSA-8qxh-hcr9-2379

Affected version: <5.5.8

Reported by:
GitHub
[HIGH] Shopware SQL Injection

PKSA-mym1-8snp-5854 CVE-2018-20713 GHSA-42gv-77f4-r3j9

Affected version: <5.4.3

Reported by:
GitHub
[MEDIUM] Shopware XXE Vulnerability

PKSA-j3t1-qhmn-hrd4 CVE-2017-18357 GHSA-6m27-7cqj-2mxw

Affected version: <5.3.4

Reported by:
GitHub
[MEDIUM] Reflected Cross-site Scripting in Shopware storefront

PKSA-r9sd-kykr-vv4q CVE-2022-24873 GHSA-4g29-fccr-p59w

Affected version: <5.7.9

Reported by:
GitHub
[MEDIUM] Authenticated Stored XSS in shopware/shopware

PKSA-nzjx-5hsd-2k7q CVE-2021-41188 GHSA-4p3x-8qw9-24w9

Affected version: <5.7.6

Reported by:
GitHub
[MEDIUM] Cross-site scripting

PKSA-yc9g-8mw5-1skb CVE-2021-32713 GHSA-7vmw-7x57-q6jw

Affected version: <5.6.10

Reported by:
GitHub
[MEDIUM] Exposure of Sensitive Information to an Unauthorized Actor

PKSA-y1sh-szk7-vxh4 CVE-2021-32712 GHSA-qwpp-fgrj-h78q

Affected version: <5.6.10

Reported by:
GitHub
[LOW] Persistent XSS in customer module in Shopware

PKSA-dxn1-x964-s3tk GHSA-6gv9-7q4g-pmvm

Affected version: <5.6.9

Reported by:
GitHub
[LOW] Remote Code Execution Vulnerability

PKSA-pshr-xjbx-jhw6 GHSA-28fw-88hq-6jmm

Affected version: >=4.2.0,<4.3.0|>=4.3.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.2.25

Reported by:
GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Remote Code Execution Vulnerability

PKSA-cbt4-wj1h-x6nk GHSA-f6p7-8xfw-fjqq

Affected version: >=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.2.16

Reported by:
GitHub, FriendsOfPHP/security-advisories
[LOW] Remote Code Execution Vulnerability

PKSA-hdvn-86gg-45cw GHSA-hrfh-fp4x-crrq

Affected version: >=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.2.15

Reported by:
GitHub, FriendsOfPHP/security-advisories
[CRITICAL] Unauthenticated Remote Code Execution Vulnerability

PKSA-hmxj-x93g-ykvx CVE-2016-3109 GHSA-cj2f-96jq-phpp

Affected version: <4.3.7|>=5.0.0,<5.1.0|>=5.1.0,<5.1.5

Reported by:
GitHub, FriendsOfPHP/security-advisories

shopware/shopware Security Advisories for 4.2.0 (16)

[MEDIUM] Shopware vulnerable to cross-site scripting (XSS)

[MEDIUM] Shopware contains sensitive data in backend customer module

[MEDIUM] Shopware access control list bypassed via crafted specific URLs

[MEDIUM] Authenticated Stored Cross-site Scripting in Shopware

[MEDIUM] Shopware Cross-site Scripting Vulnerability

[HIGH] Shopware SQL Injection

[MEDIUM] Shopware XXE Vulnerability

[MEDIUM] Reflected Cross-site Scripting in Shopware storefront

[MEDIUM] Authenticated Stored XSS in shopware/shopware

[MEDIUM] Cross-site scripting

[MEDIUM] Exposure of Sensitive Information to an Unauthorized Actor

[LOW] Persistent XSS in customer module in Shopware

[LOW] Remote Code Execution Vulnerability

[MEDIUM] Remote Code Execution Vulnerability

[LOW] Remote Code Execution Vulnerability

[CRITICAL] Unauthenticated Remote Code Execution Vulnerability