PT-2022-16849 · Shopware · Shopware

Shyim · Published 2022-03-09 · Updated 2022-03-17 · CVE-2022-24746

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Shopware versions prior to 6.4.8.1

Description

The issue allows for code injection via the voucher code form, potentially leading to HTML injection. This problem has been identified in Shopware, an open commerce platform that utilizes the Symfony PHP framework and the Vue JavaScript framework. There are no known workarounds for this issue.

Recommendations

For versions prior to 6.4.8.1, update to version 6.4.8.1 or later, such as 6.4.8.2, to resolve the issue. For older versions of 6.1, 6.2, and 6.3, consider installing a security plugin as a temporary measure, but updating to the latest Shopware version is recommended for the full range of functions. As a temporary workaround, consider restricting access to the voucher code form until the update can be applied.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-24746
GHSA-952P-FQCP-G8PC

Affected Products

Shopware