Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
shopware shopware vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv3
CVE-2021-32716
Shopware is an open source eCommerce platform. In versions before 6.4.1.1 the admin api has exposed some internal hidden fields when an association has been loaded with a to many reference. Users are recommend to update to version 6.4.1.1. You can get the update to 6.4.1.1 regula...
Shopware Shopware
7.5
CVSSv3
CVE-2021-32717
Shopware is an open source eCommerce platform. In versions before 6.4.1.1 private files publicly accessible with Cloud Storage providers when the hashed URL is known. Users are recommend to first change their configuration to set the correct visibility according to the documentat...
Shopware Shopware
4.8
CVSSv3
CVE-2021-32713
Shopware is an open source eCommerce platform. Versions before 5.6.10 suffer from an authenticated stored XSS in administration vulnerability. Users are recommend to update to the version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the ...
Shopware Shopware
7.5
CVSSv3
CVE-2022-24879
Shopware is an open source e-commerce software platform. Versions before 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixe...
Shopware Shopware
3.5
CVSSv3
CVE-2022-24744
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of ...
Shopware Shopware
6.5
CVSSv3
CVE-2022-24745
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish a...
Shopware Shopware
6.1
CVSSv3
CVE-2022-24746
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions it is possible to inject code via the voucher code form. This issue has been patched in version 6.4.8.1. There are no known workarounds for this issue.
Shopware Shopware
5.5
CVSSv3
CVE-2022-24871
Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Users are advised to update to the current version 6.4.10.1. For older versions of ...
Shopware Shopware
8.1
CVSSv3
CVE-2022-24872
Shopware is an open commerce platform based on Symfony Framework and Vue. Permissions set to sales channel context by admin-api are still usable within normal user session. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corre...
Shopware Shopware
6.1
CVSSv3
CVE-2022-24873
Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopw...
Shopware Shopware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »