Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
shopware shopware vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2022-24747
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do no properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be expo...
Shopware Shopware
5
CVSSv2
CVE-2022-24748
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In versions before 6.4.8.2 it is possible to modify customers and to create orders without App Permission. This issue is a result of improper api route checking. Users are a...
Shopware Shopware
6.8
CVSSv2
CVE-2022-24892
Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an malicious user to take over the victim&...
Shopware Shopware
4
CVSSv2
CVE-2021-32709
Shopware is an open source eCommerce platform. Creation of order credits was not validated by ACL in admin orders. Users are recommend to update to the current version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview....
Shopware Shopware
5
CVSSv2
CVE-2021-32710
Shopware is an open source eCommerce platform. Potential session hijacking of store customers in versions below 6.3.5.2. We recommend to update to the current version 6.3.5.2. You can get the update to 6.3.5.2 regularly via the Auto-Updater or directly via the download overview. ...
Shopware Shopware
5
CVSSv2
CVE-2021-32711
Shopware is an open source eCommerce platform. Versions before 6.3.5.1 may leak of information via Store-API. The vulnerability could only be fixed by changing the API system, which involves a non-backward-compatible change. Only consumers of the Store-API should be affected by t...
Shopware Shopware
5
CVSSv2
CVE-2021-32712
Shopware is an open source eCommerce platform. Versions before 5.6.10 are vulnerable to system information leakage in error handling. Users are recommend to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download over...
Shopware Shopware
3.5
CVSSv2
CVE-2021-32713
Shopware is an open source eCommerce platform. Versions before 5.6.10 suffer from an authenticated stored XSS in administration vulnerability. Users are recommend to update to the version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the ...
Shopware Shopware
4
CVSSv2
CVE-2021-32716
Shopware is an open source eCommerce platform. In versions before 6.4.1.1 the admin api has exposed some internal hidden fields when an association has been loaded with a to many reference. Users are recommend to update to version 6.4.1.1. You can get the update to 6.4.1.1 regula...
Shopware Shopware
3.5
CVSSv2
CVE-2020-13971
In Shopware prior to 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. This leads to Persistent XSS. An uploaded image can be accessed without authentication.
Shopware Shopware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »