
CVE-2017-15374

Published: 16/10/2017 Updated: 24/01/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Shopware v5.2.5 - v5.3 is vulnerable to cross-site scripting in the customer and order sections of the content management system backend modules. Remote attackers can inject malicious script code into the firstname, lastname, or order input fields, which then executes persistently in the customer and orders sections of the backend. The execution occurs in the administrator backend listing when a preview of the customers (Kunden) or orders (Bestellungen) is processed. The injection can be performed interactively via user registration or by manipulating the order information inputs. The issue can be exploited by low-privileged user accounts against higher-privileged (admin or moderator) accounts.

Vulnerable Product

shopware shopware 5.2.22

shopware shopware 5.2.21

shopware shopware 5.2.13

shopware shopware 5.2.12

shopware shopware 5.2.5

shopware shopware 5.3.0

shopware shopware 5.2.27

shopware shopware 5.2.20

shopware shopware 5.2.19

shopware shopware 5.2.18

shopware shopware 5.2.11

shopware shopware 5.2.10

shopware shopware 5.2.26

shopware shopware 5.2.25

shopware shopware 5.2.17

shopware shopware 5.2.16

shopware shopware 5.2.9

shopware shopware 5.2.8

shopware shopware 5.2.24

shopware shopware 5.2.23

shopware shopware 5.2.15

shopware shopware 5.2.14

shopware shopware 5.2.7

shopware shopware 5.2.6

Exploits

Document Title:
===============
Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities

References (Source):
====================
www.vulnerability-lab.com/get_content.php?id=1922

Shopware Security Tracking ID: SW-19834

Security Update: community.shopware.com/Downloads_cat_448.html#534
communitysho ...

Mailing Lists

Shopware versions 5.2.5 and 5.3 suffer from multiple cross site scripting vulnerabilities ...