Shopware
by Shopware
Source repositories
CVEs (46)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-24956 | 0.00 | — | 0.01 | Mar 29, 2022 | An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability… | |||
| CVE-2022-21652 | 0.00 | — | 0.01 | Jan 5, 2022 | Shopware is an open source e-commerce software platform. In affected versions shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation was adjusted, so that sessions created prior to the latest password change of a… | |||
| CVE-2022-21651 | 0.00 | — | 0.01 | Jan 5, 2022 | Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrary redirected due to incomplete URL handling in the shopware router. This issue has been resolved in version 5.7.7. There is no workaround and users… | |||
| CVE-2021-41188 | 0.00 | — | 0.01 | Oct 26, 2021 | Shopware is open source e-commerce software. Versions prior to 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the security plugin or adding a particular following config to the `.htaccess` file… | |||
| CVE-2021-32712 | 0.00 | — | 0.01 | Jun 24, 2021 | Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommend to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download… | |||
| CVE-2021-32713 | 0.00 | — | 0.01 | Jun 24, 2021 | Shopware is an open source eCommerce platform. Versions prior to 5.6.10 suffer from an authenticated stored XSS in administration vulnerability. Users are recommend to update to the version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via… |
- CVE-2022-24956Mar 29, 2022risk 0.00cvss —epss 0.01
An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability…
- CVE-2022-21652Jan 5, 2022risk 0.00cvss —epss 0.01
Shopware is an open source e-commerce software platform. In affected versions shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation was adjusted, so that sessions created prior to the latest password change of a…
- CVE-2022-21651Jan 5, 2022risk 0.00cvss —epss 0.01
Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrary redirected due to incomplete URL handling in the shopware router. This issue has been resolved in version 5.7.7. There is no workaround and users…
- CVE-2021-41188Oct 26, 2021risk 0.00cvss —epss 0.01
Shopware is open source e-commerce software. Versions prior to 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the security plugin or adding a particular following config to the `.htaccess` file…
- CVE-2021-32712Jun 24, 2021risk 0.00cvss —epss 0.01
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommend to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download…
- CVE-2021-32713Jun 24, 2021risk 0.00cvss —epss 0.01
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 suffer from an authenticated stored XSS in administration vulnerability. Users are recommend to update to the version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via…
Page 3 of 3