Shopware improper mail validation vulnerability

CVE-2023-34099

Affected version: >=5.1.4,<=5.7.17

Reported by:
GitHub

Shopware dependency configuration exposed

CVE-2023-34098

Affected version: >=5.6.0,<=5.7.17

Reported by:
GitHub

Shopware contains sensitive data in backend customer module

CVE-2022-36101

Affected version: <=5.7.14

Reported by:
GitHub

Shopware access control list bypassed via crafted specific URLs

CVE-2022-36102

Affected version: <=5.7.14

Reported by:
GitHub

Shopware vulnerable to persistent cross site scripting (XSS) in customer module

CVE-2022-31148

Affected version: >=5.7.0,<=5.7.13

Reported by:
GitHub

Authenticated Stored Cross-site Scripting in Shopware

CVE-2022-31057

Affected version: <5.7.12

Reported by:
GitHub

Multiple valid tokens for password reset in Shopware

CVE-2022-24892

Affected version: >=5.0.4,<5.7.9

Reported by:
GitHub

Malfunction of CSRF token validation in Shopware

CVE-2022-24879

Affected version: >=5.2.0,<5.7.9

Reported by:
GitHub

Reflected Cross-site Scripting in Shopware storefront

CVE-2022-24873

Affected version: <5.7.9

Reported by:
GitHub

Open redirect in shopware

CVE-2022-21651

Affected version: >=5.0.0,<5.7.7

Reported by:
GitHub

Authenticated Stored XSS in shopware/shopware

CVE-2021-41188

Affected version: <5.7.6

Reported by:
GitHub