CVE-2022-24873

Name of the Vulnerable Software and Affected Versions Shopware versions prior to 5.7.9

Description The issue concerns non-stored cross-site scripting in the storefront of Shopware, an open source e-commerce software platform. This occurs because request parameters were directly assigned to the template, allowing malicious code to be sent via a URL.

Recommendations For versions prior to 5.7.9, update to version 5.7.9 to resolve the issue. As a temporary workaround for older versions, consider using the Shopware security plugin to mitigate the vulnerability.