PT-2022-20563 · Shopware · Shopware

Published: 2022-07-27 · Updated: 2022-08-05 · CVE-2022-31148

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Shopware versions 5.7.0 through 5.7.13

Description

A persistent cross-site scripting (XSS) issue exists in the customer module. This allows for malicious scripts to be executed in the context of the user's session. Users are recommended to update to the current version to resolve the issue. There are no known workarounds for this problem.

Recommendations

For versions 5.7.0 through 5.7.13, update to version 5.7.14 via the Auto-Updater or directly via the download overview. For older versions, consider using the Security Plugin as a temporary mitigation measure until a more permanent solution can be applied. As a temporary workaround, consider restricting access to the customer module until the update to version 5.7.14 can be applied.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-31148
GHSA-5834-XV5Q-CGFW

Affected Products

Shopware