Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
shopware shopware vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv2
CVE-2022-21652
Shopware is an open source e-commerce software platform. In affected versions shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation was adjusted, so that sessions created prior to the latest password change of a ...
Shopware Shopware
3.5
CVSSv2
CVE-2022-31057
Shopware is an open source e-commerce software made in Germany. Versions of Shopware 5 prior to version 5.7.12 are subject to an authenticated Stored XSS in Administration. Users are advised to upgrade. There are no known workarounds for this issue.
Shopware Shopware
5
CVSSv2
CVE-2021-37707
Shopware is an open source eCommerce platform. Versions before 6.4.3.1 contain a vulnerability that allows manipulation of product reviews via API. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also a...
Shopware Shopware
7.5
CVSSv2
CVE-2021-37708
Shopware is an open source eCommerce platform. Versions before 6.4.3.1 contain a command injection vulnerability in mail agent settings. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available vi...
Shopware Shopware
4
CVSSv2
CVE-2021-37709
Shopware is an open source eCommerce platform. Versions before 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corres...
Shopware Shopware
3.5
CVSSv2
CVE-2021-37710
Shopware is an open source eCommerce platform. Versions before 6.4.3.1 contain a Cross-Site Scripting vulnerability via SVG media files. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available vi...
Shopware Shopware
6.5
CVSSv2
CVE-2021-37711
Versions before 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.
Shopware Shopware
3.5
CVSSv2
CVE-2021-41188
Shopware is open source e-commerce software. Versions before 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the security plugin or adding a particular following config to the `.htaccess` file will p...
Shopware Shopware
4.3
CVSSv2
CVE-2019-12935
Shopware prior to 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI.
Shopware Shopware
NA
CVE-2022-48150
Shopware v5.5.10 exists to contain a cross-site scripting (XSS) vulnerability via the recovery/install/ URI.
Shopware Shopware 5.5.10
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
malicious code
camera
CVE-2023-46694
CVE-2023-43847
CVE-2023-30311
CVE-2024-27842
CVE-2024-30165
arbitrary code
CVE-2024-21683
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »