Security Advisories - shopware/storefront - Packagist

shopware/storefront Security Advisories for 6.4.8.1 (3)

[HIGH] Shopware Storefront Reflected XSS in Storefront Login Page

PKSA-hv1g-94j4-tpht CVE-2025-67648 GHSA-6w82-v552-wjw2

Affected version: >=6.7.0.0,<6.7.5.1|>=6.4.6.0,<6.6.10.10

Reported by:
GitHub
[MEDIUM] HTTP caching is marking private HTTP headers as public in Shopware

PKSA-jkxk-vsfj-5htm CVE-2022-24747 GHSA-6wrh-279j-6hvw

Affected version: <=6.4.8.1

Reported by:
GitHub
[MEDIUM] Shopware guest session is shared between customers

PKSA-yfgt-8j4b-756q CVE-2022-24745 GHSA-jp6h-mxhx-pgqh

Affected version: <=6.4.8.1

Reported by:
GitHub