Moderate severityNVD Advisory· Published Jun 27, 2022· Updated Apr 23, 2025
Authenticated Stored XSS in Shopware Administration
CVE-2022-31057
Description
Shopware is an open source e-commerce software made in Germany. Versions of Shopware 5 prior to version 5.7.12 are subject to an authenticated Stored XSS in Administration. Users are advised to upgrade. There are no known workarounds for this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
shopware/shopwarePackagist | < 5.7.12 | 5.7.12 |
Affected products
1Patches
13e025a0a3e12Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- github.com/advisories/GHSA-q754-vwc4-p6qjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-31057ghsaADVISORY
- docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2022ghsax_refsource_MISCWEB
- docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2022ghsaWEB
- github.com/shopware/shopware/commit/3e025a0a3e123f4108082645b1ced6fb548f7b6fghsax_refsource_MISCWEB
- github.com/shopware/shopware/security/advisories/GHSA-q754-vwc4-p6qjghsax_refsource_CONFIRMWEB
- packagist.org/packages/shopware/shopwareghsax_refsource_MISCWEB
- www.shopware.com/en/changelog-sw5/ghsaWEB
News mentions
0No linked articles in our index yet.