Moderate severityNVD Advisory· Published Aug 1, 2022· Updated Apr 23, 2025
Persistent cross site scripting in customer module in Shopware
CVE-2022-31148
Description
Shopware is an open source e-commerce software. In versions from 5.7.0 a persistent cross site scripting (XSS) vulnerability exists in the customer module. Users are recommend to update to the current version 5.7.14. You can get the update to 5.7.14 regularly via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
shopware/shopwarePackagist | >= 5.7.0, < 5.7.14 | 5.7.14 |
Affected products
1Patches
1787585500564Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- github.com/advisories/GHSA-5834-xv5q-cgfwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-31148ghsaADVISORY
- docs.shopware.com/en/shopware-5-en/security-updates/security-update-07-2022ghsax_refsource_MISCWEB
- github.com/shopware/shopware/commit/7875855005648fba7b39371a70816afae2e07dafghsax_refsource_MISCWEB
- github.com/shopware/shopware/security/advisories/GHSA-5834-xv5q-cgfwghsax_refsource_CONFIRMWEB
- www.shopware.com/en/changelog-sw5/ghsaWEB
News mentions
0No linked articles in our index yet.