Moderate severityNVD Advisory· Published Aug 1, 2022· Updated Apr 23, 2025
Persistent cross site scripting in customer module in Shopware
CVE-2022-31148
Description
Shopware is an open source e-commerce software. In versions from 5.7.0 a persistent cross site scripting (XSS) vulnerability exists in the customer module. Users are recommend to update to the current version 5.7.14. You can get the update to 5.7.14 regularly via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
shopware/shopwarePackagist | >= 5.7.0, < 5.7.14 | 5.7.14 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-5834-xv5q-cgfwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-31148ghsaADVISORY
- docs.shopware.com/en/shopware-5-en/security-updates/security-update-07-2022ghsax_refsource_MISCWEB
- github.com/shopware/shopware/commit/7875855005648fba7b39371a70816afae2e07dafghsax_refsource_MISCWEB
- github.com/shopware/shopware/security/advisories/GHSA-5834-xv5q-cgfwghsax_refsource_CONFIRMWEB
- www.shopware.com/en/changelog-sw5/ghsaWEB
News mentions
0No linked articles in our index yet.