PT-2022-20495 · Shopware · Shopware

Published: 2022-06-22 · Updated: 2022-07-07 · CVE-2022-31057

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Shopware 5 versions prior to 5.7.12

Description

The issue is an authenticated Stored XSS in the Administration of Shopware, an open-source e-commerce software. Users are advised to upgrade to resolve the issue. There are no known workarounds for this problem.

Recommendations

For versions prior to 5.7.12, update to version 5.7.12 using the Auto-Updater or directly via the download overview. For older versions, consider using the Security Plugin as a mitigation measure.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-31057
GHSA-Q754-VWC4-P6QJ

Affected Products

Shopware