← voltar
CVE-2022-24873

Non-Stored Cross-site Scripting in Shopware storefront

CVSS 5.4 MEDIUMEPSS 0.7%CWE-79
Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Produtos afetados
shopware · shopware

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022https://github.com/shopware/shopware/security/advisories/GHSA-4g29-fccr-p59whttps://www.shopware.com/en/changelog-sw5/#5-7-9