Vulnerabilidades em shopware
57 resultadosCVE-2021-37708HIGHCommand injection in mail agent settingsEPSS 2.4%CVE-2021-32717HIGHPrivate files publicly accessible with Cloud Storage providersEPSS 1.5%CVE-2021-32711CRITICALLeak of information via Store-APIEPSS 1.4%CVE-2023-22731CRITICALImproper Control of Generation of Code in Twig rendered views in shopwareEPSS 1.3%CVE-2021-32712MEDIUMInformation leakage in Error HandlerEPSS 1.1%CVE-2021-32716MEDIUMInternal hidden fields are visible on to many associations in admin apiEPSS 1.1%CVE-2021-37711HIGHAuthenticated server-side request forgery in file upload via URL.EPSS 1.1%CVE-2022-24747MEDIUMHTTP caching is marking private HTTP headers as publicEPSS 1.1%CVE-2022-24871HIGHServer-Side Request Forgery (SSRF) in ShopwareEPSS 1.0%CVE-2022-24872HIGHImproper Access Control in shopwareEPSS 1.0%CVE-2021-37707MEDIUMManipulation of product reviews via APIEPSS 0.9%CVE-2021-32710MEDIUMPotential Session Hijacking in ShopwareEPSS 0.9%CVE-2024-42355HIGHShopware vulnerable to Server Side Template Injection in Twig using deprecation silence tagEPSS 0.9%CVE-2022-24892MEDIUMMultiple valid tokens for password reset in ShopwareEPSS 0.8%CVE-2022-24746MEDIUMHTML injection possibility in voucher code formEPSS 0.8%CVE-2022-21652LOWInsufficient Session Expiration in shopwareEPSS 0.8%CVE-2021-37709MEDIUMInsecure direct object reference of log files of the Import/Export featureEPSS 0.8%CVE-2022-21651MEDIUMOpen redirect in shopwareEPSS 0.8%CVE-2022-24873MEDIUMNon-Stored Cross-site Scripting in Shopware storefrontEPSS 0.7%CVE-2021-41188MEDIUMAuthenticated Stored XSS in AdministrationEPSS 0.7%