VYPR

Packagist (Composer) package

shopware/storefront

pkg:composer/shopware/storefront

Vulnerabilities (5)

  • CVE-2025-67648Dec 10, 2025
    affected >= 6.4.6.0, < 6.6.10.10fixed 6.6.10.10

    Shopware is an open commerce platform. Versions 6.4.6.0 through 6.6.10.9 and 6.7.0.0 through 6.7.5.0 have a Reflected XSS vulnerability in AuthController.php. A request parameter from the login page URL is directly rendered within the Twig template of the Storefront login page wi

  • CVE-2024-27917Mar 6, 2024
    affected >= 6.5.8.0, < 6.5.8.7fixed 6.5.8.7

    Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 404 pages. So the cached Response which con

  • CVE-2022-24745Mar 9, 2022
    affected < 6.4.8.2fixed 6.4.8.2

    Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish a

  • CVE-2022-24746Mar 9, 2022
    affected < 6.4.8.1fixed 6.4.8.1

    Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions it is possible to inject code via the voucher code form. This issue has been patched in version 6.4.8.1. There are no known workarounds for this issue.

  • CVE-2022-24747Mar 9, 2022
    affected < 6.4.8.2fixed 6.4.8.2

    Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do no properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be expo