Shopware vulnerable to cross-site scripting (XSS)

CVE-2022-48150

Affected version: <=5.5.10

Reported by:
GitHub

Shopware contains sensitive data in backend customer module

CVE-2022-36101

Affected version: <=5.7.14

Reported by:
GitHub

Shopware access control list bypassed via crafted specific URLs

CVE-2022-36102

Affected version: <=5.7.14

Reported by:
GitHub

Authenticated Stored Cross-site Scripting in Shopware

CVE-2022-31057

Affected version: <5.7.12

Reported by:
GitHub

Shopware Cross-site Scripting Vulnerability

CVE-2019-12935

Affected version: <5.5.8

Reported by:
GitHub

Shopware SQL Injection

CVE-2018-20713

Affected version: <5.4.3

Reported by:
GitHub

Shopware XXE Vulnerability

CVE-2017-18357

Affected version: <5.3.4

Reported by:
GitHub

Reflected Cross-site Scripting in Shopware storefront

CVE-2022-24873

Affected version: <5.7.9

Reported by:
GitHub

Authenticated Stored XSS in shopware/shopware

CVE-2021-41188

Affected version: <5.7.6

Reported by:
GitHub

Cross-site scripting

CVE-2021-32713

Affected version: <5.6.10

Reported by:
GitHub

Exposure of Sensitive Information to an Unauthorized Actor

CVE-2021-32712

Affected version: <5.6.10

Reported by:
GitHub

Persistent XSS in customer module in Shopware

Affected version: <5.6.9

Reported by:
GitHub

Remote Code Execution Vulnerability

Affected version: >=4.2.0,<4.3.0|>=4.3.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.2.25

Reported by:
GitHub, FriendsOfPHP/security-advisories

Remote Code Execution Vulnerability

Affected version: >=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.2.16

Reported by:
GitHub, FriendsOfPHP/security-advisories

Remote Code Execution Vulnerability

Affected version: >=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.2.15

Reported by:
GitHub, FriendsOfPHP/security-advisories

Unauthenticated Remote Code Execution Vulnerability

CVE-2016-3109

Affected version: <4.3.7|>=5.0.0,<5.1.0|>=5.1.0,<5.1.5

Reported by:
GitHub, FriendsOfPHP/security-advisories