Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-q754-vwc4-p6qj: Authenticated Stored Cross-site Scripting in Shopware

Impact

Authenticated Stored XSS in Administration

Patches

We recommend updating to version 5.7.12. You can get the update to 5.7.12 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/de/changelog-sw5/#5-7-12

For older versions you can use the Security Plugin: https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html

References

https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2022

ghsa
Open in Source
#xss#git#auth

Authenticated Stored Cross-site Scripting in Shopware

Moderate severity GitHub Reviewed Published Jun 22, 2022 in shopware/shopware

Related news

CVE-2022-31057: Shopware 5 - Security Updates

Shopware is an open source e-commerce software made in Germany. Versions of Shopware 5 prior to version 5.7.12 are subject to an authenticated Stored XSS in Administration. Users are advised to upgrade. There are no known workarounds for this issue.

ghsa: Latest News

GHSA-26jh-r8g2-6fpr: Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
ghsa