shopware/shopware Security Advisories for v5.7.10 (7)
-
[MEDIUM] Shopware improper mail validation vulnerability
PKSA-d7p2-r2dc-fk8q CVE-2023-34099 GHSA-gh66-fp7j-98v5
Affected version: >=5.1.4,<=5.7.17
Reported by:
GitHub -
[MEDIUM] Shopware dependency configuration exposed
PKSA-w5gn-7nnv-hgff CVE-2023-34098 GHSA-q97c-2mh3-pgw9
Affected version: >=5.6.0,<=5.7.17
Reported by:
GitHub -
[MEDIUM] Shopware contains sensitive data in backend customer module
PKSA-81h5-g5kv-7ncc CVE-2022-36101 GHSA-6vfq-jmxg-g58r
Affected version: <=5.7.14
Reported by:
GitHub -
[MEDIUM] Shopware access control list bypassed via crafted specific URLs
PKSA-znm8-j44y-tzqy CVE-2022-36102 GHSA-qc43-pgwq-3q2q
Affected version: <=5.7.14
Reported by:
GitHub -
[MEDIUM] Shopware vulnerable to persistent cross site scripting (XSS) in customer module
PKSA-tww8-q2sq-vrh9 CVE-2022-31148 GHSA-5834-xv5q-cgfw
Affected version: >=5.7.0,<=5.7.13
Reported by:
GitHub -
[MEDIUM] Authenticated Stored Cross-site Scripting in Shopware
PKSA-1xwt-7nrv-sd1t CVE-2022-31057 GHSA-q754-vwc4-p6qj
Affected version: <5.7.12
Reported by:
GitHub -
[HIGH] Shopware database password is leaked to an unauthenticated users
PKSA-9ghf-ccy2-rddt CVE-2020-13997 GHSA-r4ph-mx67-x58p
Affected version: <6.2.3
Reported by:
GitHub