Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
shopware shopware vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2022-24744
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of ...
Shopware Shopware
312
VMScore
CVE-2021-41188
Shopware is open source e-commerce software. Versions before 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the security plugin or adding a particular following config to the `.htaccess` file will p...
Shopware Shopware
NA
CVE-2023-34098
Shopware is an open source e-commerce software. Due to an incorrect configuration in the `.htaccess` file, the configuration file of the Javascript could be read in production environments (`themes/package-lock.json`). With this information, the specific Shopware version in a dep...
Shopware Shopware
NA
CVE-2023-34099
Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addresse...
Shopware Shopware
312
VMScore
CVE-2021-32713
Shopware is an open source eCommerce platform. Versions before 5.6.10 suffer from an authenticated stored XSS in administration vulnerability. Users are recommend to update to the version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the ...
Shopware Shopware
356
VMScore
CVE-2021-32716
Shopware is an open source eCommerce platform. In versions before 6.4.1.1 the admin api has exposed some internal hidden fields when an association has been loaded with a to many reference. Users are recommend to update to version 6.4.1.1. You can get the update to 6.4.1.1 regula...
Shopware Shopware
383
VMScore
CVE-2022-24873
Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopw...
Shopware Shopware
605
VMScore
CVE-2022-24892
Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an malicious user to take over the victim&...
Shopware Shopware
578
VMScore
CVE-2018-20713
Shopware prior to 5.4.3 allows SQL Injection by remote authenticated users, aka SW-21404.
Shopware Shopware
NA
CVE-2022-48150
Shopware v5.5.10 exists to contain a cross-site scripting (XSS) vulnerability via the recovery/install/ URI.
Shopware Shopware 5.5.10
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »