Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/53869?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/53869?format=api", "purl": "pkg:composer/shopware/shopware@5.3.0", "type": "composer", "namespace": "shopware", "name": "shopware", "version": "5.3.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.7.18", "latest_non_vulnerable_version": "6.2.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/348057?format=api", "vulnerability_id": "VCID-1ser-mx5j-6fgq", "summary": "Persistent XSS in newsletter module in Shopware\n### Impact\nPersistent XSS in newsletter module\n\n### Patches\n\nWe recommend updating to the current version 5.6.9. You can get the update to 5.6.9 regularly via the Auto-Updater or directly via the download overview.\n\nFor older versions you can use the Security Plugin:\nhttps://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html\n\n### References\nhttps://docs.shopware.com/en/shopware-5-en/security-updates/security-update-11-2020", "references": [ { "reference_url": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-11-2020", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-11-2020" }, { "reference_url": "https://github.com/shopware/shopware/security/advisories/GHSA-hrfh-fp4x-crrq", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/shopware/security/advisories/GHSA-hrfh-fp4x-crrq" }, { "reference_url": "https://github.com/advisories/GHSA-hrfh-fp4x-crrq", "reference_id": "GHSA-hrfh-fp4x-crrq", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hrfh-fp4x-crrq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/202987?format=api", "purl": "pkg:composer/shopware/shopware@5.6.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-723p-njjg-efbn" }, { "vulnerability": "VCID-8n77-xfpc-sucm" }, { "vulnerability": "VCID-961c-853p-xyfv" }, { "vulnerability": "VCID-aqye-gbxj-4kbv" }, { "vulnerability": "VCID-bgek-xyh7-ffbu" }, { "vulnerability": "VCID-c31u-jza2-hke9" }, { "vulnerability": "VCID-cmgu-xukg-cfdz" }, { "vulnerability": "VCID-hxmy-gvzy-ufcg" }, { "vulnerability": "VCID-j2nj-awm2-kffb" }, { "vulnerability": "VCID-mekd-thy7-63cz" }, { "vulnerability": "VCID-mg54-375u-vfhr" }, { "vulnerability": "VCID-trhv-dwjm-zfav" }, { "vulnerability": "VCID-wb2q-jutm-gkgu" }, { "vulnerability": "VCID-wxfs-kd2p-nbbv" }, { "vulnerability": "VCID-zhc5-hvqg-gbf4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.6.9" } ], "aliases": [ "GHSA-hrfh-fp4x-crrq", "GMS-2020-601" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ser-mx5j-6fgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/340825?format=api", "vulnerability_id": "VCID-2xvz-338c-dygp", "summary": "Shopware Non-Persistent XSS in the Frontend", "references": [ { "reference_url": "https://community.shopware.com/_detail_2048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://community.shopware.com/_detail_2048.html" }, { "reference_url": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-01-2018?category=shopware-5-en/security-updates", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-01-2018?category=shopware-5-en/security-updates" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/shopware/shopware/2018-01-22.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/shopware/shopware/2018-01-22.yaml" }, { "reference_url": "https://github.com/shopware5/shopware", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware5/shopware" }, { "reference_url": "https://github.com/shopware5/shopware/commit/54461aa651566dc2701b873fe6bd94589604751b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware5/shopware/commit/54461aa651566dc2701b873fe6bd94589604751b" }, { "reference_url": "https://github.com/advisories/GHSA-jqr7-5h7r-ch8p", "reference_id": "GHSA-jqr7-5h7r-ch8p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jqr7-5h7r-ch8p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53852?format=api", "purl": "pkg:composer/shopware/shopware@5.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ser-mx5j-6fgq" }, { "vulnerability": "VCID-64sz-7hp3-ykds" }, { "vulnerability": "VCID-6cb3-b3qq-juap" }, { "vulnerability": "VCID-723p-njjg-efbn" }, { "vulnerability": "VCID-8n77-xfpc-sucm" }, { "vulnerability": "VCID-961c-853p-xyfv" }, { "vulnerability": "VCID-aqye-gbxj-4kbv" }, { "vulnerability": "VCID-bgek-xyh7-ffbu" }, { "vulnerability": "VCID-c3rs-ndfu-c3bq" }, { "vulnerability": "VCID-cmgu-xukg-cfdz" }, { "vulnerability": "VCID-hxmy-gvzy-ufcg" }, { "vulnerability": "VCID-j2nj-awm2-kffb" }, { "vulnerability": "VCID-jdsx-yw76-9feu" }, { "vulnerability": "VCID-mekd-thy7-63cz" }, { "vulnerability": "VCID-mg54-375u-vfhr" }, { "vulnerability": "VCID-qdc8-dtad-zfaj" }, { "vulnerability": "VCID-s65a-68au-eyeg" }, { "vulnerability": "VCID-vzee-b74h-jqez" }, { "vulnerability": "VCID-vzv3-795x-gfhd" }, { "vulnerability": "VCID-wb2q-jutm-gkgu" }, { "vulnerability": "VCID-wxfs-kd2p-nbbv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.3.7" } ], "aliases": [ "GHSA-jqr7-5h7r-ch8p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2xvz-338c-dygp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/154062?format=api", "vulnerability_id": "VCID-64sz-7hp3-ykds", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13997", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0084", "scoring_system": "epss", "scoring_elements": "0.75028", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13997" }, { "reference_url": "https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020" }, { "reference_url": "https://github.com/shopware/shopware", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/shopware" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13997", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13997" }, { "reference_url": "https://www.shopware.com/en/changelog/#6-2-3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.shopware.com/en/changelog/#6-2-3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/417789?format=api", "purl": "pkg:composer/shopware/shopware@6.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@6.2.3" } ], "aliases": [ "CVE-2020-13997", "GHSA-r4ph-mx67-x58p" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-64sz-7hp3-ykds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13716?format=api", "vulnerability_id": "VCID-6cb3-b3qq-juap", "summary": "Deserialization of Untrusted Data\nIn `createInstanceFromNamedArguments` in Shopware, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. An attacker can leverage this deserialization to achieve remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12799", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.24236", "scoring_system": "epss", "scoring_elements": "0.96183", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12799" }, { "reference_url": "https://github.com/advisories/GHSA-6m27-7cqj-2mxw", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6m27-7cqj-2mxw" }, { "reference_url": "https://github.com/rapid7/metasploit-framework/pull/11828", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rapid7/metasploit-framework/pull/11828" }, { "reference_url": "https://github.com/shopware5/shopware", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware5/shopware" }, { "reference_url": "https://web.archive.org/web/20171112153855/https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20171112153855/https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12799", "reference_id": "CVE-2019-12799", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12799" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57225?format=api", "purl": "pkg:composer/shopware/shopware@5.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ser-mx5j-6fgq" }, { "vulnerability": "VCID-64sz-7hp3-ykds" }, { "vulnerability": "VCID-723p-njjg-efbn" }, { "vulnerability": "VCID-8n77-xfpc-sucm" }, { "vulnerability": "VCID-961c-853p-xyfv" }, { "vulnerability": "VCID-aqye-gbxj-4kbv" }, { "vulnerability": "VCID-bgek-xyh7-ffbu" }, { "vulnerability": "VCID-cmgu-xukg-cfdz" }, { "vulnerability": "VCID-hxmy-gvzy-ufcg" }, { "vulnerability": "VCID-j2nj-awm2-kffb" }, { "vulnerability": "VCID-jdsx-yw76-9feu" }, { "vulnerability": "VCID-mekd-thy7-63cz" }, { "vulnerability": "VCID-mg54-375u-vfhr" }, { "vulnerability": "VCID-qdc8-dtad-zfaj" }, { "vulnerability": "VCID-s65a-68au-eyeg" }, { "vulnerability": "VCID-trhv-dwjm-zfav" }, { "vulnerability": "VCID-vzee-b74h-jqez" }, { "vulnerability": "VCID-wb2q-jutm-gkgu" }, { "vulnerability": "VCID-wxfs-kd2p-nbbv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.6.1" } ], "aliases": [ "CVE-2019-12799", "GHSA-rf8f-hqjv-986p" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6cb3-b3qq-juap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14572?format=api", "vulnerability_id": "VCID-723p-njjg-efbn", "summary": "URL Redirection to Untrusted Site ('Open Redirect')\nShopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrary redirected due to incomplete URL handling in the shopware router. This issue has been resolved There is no workaround and users are advised to upgrade as soon as possible.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21651", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49767", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21651" }, { "reference_url": "https://docs.shopware.com/en/shopware-5-en/securityupdates/security-update-01-2022", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:34Z/" } ], "url": "https://docs.shopware.com/en/shopware-5-en/securityupdates/security-update-01-2022" }, { "reference_url": "https://github.com/shopware/shopware", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/shopware" }, { "reference_url": "https://github.com/shopware/shopware/commit/a90046c765c57a46c4399dce17bd174253c32886", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:34Z/" } ], "url": "https://github.com/shopware/shopware/commit/a90046c765c57a46c4399dce17bd174253c32886" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21651", "reference_id": "CVE-2022-21651", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21651" }, { "reference_url": "https://github.com/advisories/GHSA-c53v-qmrx-93hg", "reference_id": "GHSA-c53v-qmrx-93hg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c53v-qmrx-93hg" }, { "reference_url": "https://github.com/shopware/shopware/security/advisories/GHSA-c53v-qmrx-93hg", "reference_id": "GHSA-c53v-qmrx-93hg", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:34Z/" } ], "url": "https://github.com/shopware/shopware/security/advisories/GHSA-c53v-qmrx-93hg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58955?format=api", "purl": "pkg:composer/shopware/shopware@5.7.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8n77-xfpc-sucm" }, { "vulnerability": "VCID-bgek-xyh7-ffbu" }, { "vulnerability": "VCID-cmgu-xukg-cfdz" }, { "vulnerability": "VCID-hxmy-gvzy-ufcg" }, { "vulnerability": "VCID-j2nj-awm2-kffb" }, { "vulnerability": "VCID-mekd-thy7-63cz" }, { "vulnerability": "VCID-mg54-375u-vfhr" }, { "vulnerability": "VCID-trhv-dwjm-zfav" }, { "vulnerability": "VCID-wb2q-jutm-gkgu" }, { "vulnerability": "VCID-wxfs-kd2p-nbbv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.7" } ], "aliases": [ "CVE-2022-21651", "GHSA-c53v-qmrx-93hg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-723p-njjg-efbn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15631?format=api", "vulnerability_id": "VCID-8n77-xfpc-sucm", "summary": "Cross-Site Request Forgery (CSRF)\nShopware is an open source e-commerce software platform. Versions prior to 5.7.9 is vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24879", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.3314", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24879" }, { "reference_url": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:11Z/" } ], "url": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022" }, { "reference_url": "https://github.com/shopware/shopware", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/shopware" }, { "reference_url": "https://www.shopware.com/en/changelog-sw5/#5-7-9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:11Z/" } ], "url": "https://www.shopware.com/en/changelog-sw5/#5-7-9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24879", "reference_id": "CVE-2022-24879", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24879" }, { "reference_url": "https://github.com/advisories/GHSA-pf38-v6qj-j23h", "reference_id": "GHSA-pf38-v6qj-j23h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pf38-v6qj-j23h" }, { "reference_url": "https://github.com/shopware/shopware/security/advisories/GHSA-pf38-v6qj-j23h", "reference_id": "GHSA-pf38-v6qj-j23h", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:11Z/" } ], "url": "https://github.com/shopware/shopware/security/advisories/GHSA-pf38-v6qj-j23h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60549?format=api", "purl": "pkg:composer/shopware/shopware@5.7.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bgek-xyh7-ffbu" }, { "vulnerability": "VCID-hxmy-gvzy-ufcg" }, { "vulnerability": "VCID-mekd-thy7-63cz" }, { "vulnerability": "VCID-trhv-dwjm-zfav" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.9" } ], "aliases": [ "CVE-2022-24879", "GHSA-pf38-v6qj-j23h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8n77-xfpc-sucm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14251?format=api", "vulnerability_id": "VCID-961c-853p-xyfv", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nShopware is open source e-commerce software. contain a cross-site scripting vulnerability. This issue is patched Two workarounds are available. Using the security plugin or adding a particular following config to the `.htaccess` file will protect against cross-site scripting in this case. There is also a config for those using nginx as a server. The plugin and the configs can be found on the GitHub Security Advisory page for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41188", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66793", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41188" }, { "reference_url": "https://docs.shopware.com/en/shopware-5-en/sicherheitsupdates/security-update-10-2021", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.shopware.com/en/shopware-5-en/sicherheitsupdates/security-update-10-2021" }, { "reference_url": "https://github.com/shopware/shopware", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/shopware" }, { "reference_url": "https://github.com/shopware/shopware/commit/37213e91d525c95df262712cba80d1497e395a58", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/shopware/commit/37213e91d525c95df262712cba80d1497e395a58" }, { "reference_url": "https://github.com/shopware/shopware/releases/tag/v5.7.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/shopware/releases/tag/v5.7.6" }, { "reference_url": "https://github.com/shopware/shopware/security/advisories/GHSA-4p3x-8qw9-24w9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/shopware/security/advisories/GHSA-4p3x-8qw9-24w9" }, { "reference_url": "https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41188", "reference_id": "CVE-2021-41188", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41188" }, { "reference_url": "https://github.com/advisories/GHSA-4p3x-8qw9-24w9", "reference_id": "GHSA-4p3x-8qw9-24w9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4p3x-8qw9-24w9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58383?format=api", "purl": "pkg:composer/shopware/shopware@5.7.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-723p-njjg-efbn" }, { "vulnerability": "VCID-8n77-xfpc-sucm" }, { "vulnerability": "VCID-bgek-xyh7-ffbu" }, { "vulnerability": "VCID-cmgu-xukg-cfdz" }, { "vulnerability": "VCID-g2t7-j2h8-7khz" }, { "vulnerability": "VCID-hxmy-gvzy-ufcg" }, { "vulnerability": "VCID-j2nj-awm2-kffb" }, { "vulnerability": "VCID-mekd-thy7-63cz" }, { "vulnerability": "VCID-mg54-375u-vfhr" }, { "vulnerability": "VCID-trhv-dwjm-zfav" }, { "vulnerability": "VCID-wb2q-jutm-gkgu" }, { "vulnerability": "VCID-wxfs-kd2p-nbbv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.6" } ], "aliases": [ "CVE-2021-41188", "GHSA-4p3x-8qw9-24w9" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-961c-853p-xyfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178064?format=api", "vulnerability_id": "VCID-aqye-gbxj-4kbv", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32710", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50761", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32710" }, { "reference_url": "https://github.com/shopware/platform/commit/010c0154bea57c1fca73277c7431d029db7a972e", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/platform/commit/010c0154bea57c1fca73277c7431d029db7a972e" }, { "reference_url": "https://github.com/shopware/shopware", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/shopware" }, { "reference_url": "https://packagist.org/packages/shopware/platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packagist.org/packages/shopware/platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32710", "reference_id": "CVE-2021-32710", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32710" }, { "reference_url": "https://github.com/advisories/GHSA-h9q8-5gv2-v6mg", "reference_id": "GHSA-h9q8-5gv2-v6mg", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h9q8-5gv2-v6mg" }, { "reference_url": "https://github.com/shopware/platform/security/advisories/GHSA-h9q8-5gv2-v6mg", "reference_id": "GHSA-h9q8-5gv2-v6mg", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/platform/security/advisories/GHSA-h9q8-5gv2-v6mg" } ], "fixed_packages": [], "aliases": [ "CVE-2021-32710", "GHSA-h9q8-5gv2-v6mg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aqye-gbxj-4kbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17927?format=api", "vulnerability_id": "VCID-bgek-xyh7-ffbu", "summary": "Improper Check for Unusual or Exceptional Conditions\nShopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7.18 and users are advised to update. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34099", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33827", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34099" }, { "reference_url": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T17:02:39Z/" } ], "url": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023" }, { "reference_url": "https://github.com/shopware5/shopware", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware5/shopware" }, { "reference_url": "https://github.com/shopware5/shopware/commit/39cc714d9a0be33b43877044d0b88ea3c6b43f3d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T17:02:39Z/" } ], "url": "https://github.com/shopware5/shopware/commit/39cc714d9a0be33b43877044d0b88ea3c6b43f3d" }, { "reference_url": "https://github.com/shopware5/shopware/security/advisories/GHSA-gh66-fp7j-98v5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware5/shopware/security/advisories/GHSA-gh66-fp7j-98v5" }, { "reference_url": "https://www.shopware.com/en/changelog-sw5/#5-7-18", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T17:02:39Z/" } ], "url": "https://www.shopware.com/en/changelog-sw5/#5-7-18" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34099", "reference_id": "CVE-2023-34099", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34099" }, { "reference_url": "https://github.com/advisories/GHSA-gh66-fp7j-98v5", "reference_id": "GHSA-gh66-fp7j-98v5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gh66-fp7j-98v5" }, { "reference_url": "https://github.com/shopware/shopware/security/advisories/GHSA-gh66-fp7j-98v5", "reference_id": "GHSA-gh66-fp7j-98v5", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T17:02:39Z/" } ], "url": "https://github.com/shopware/shopware/security/advisories/GHSA-gh66-fp7j-98v5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64607?format=api", "purl": "pkg:composer/shopware/shopware@5.7.18", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.18" } ], "aliases": [ "CVE-2023-34099", "GHSA-gh66-fp7j-98v5" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bgek-xyh7-ffbu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13737?format=api", "vulnerability_id": "VCID-c3rs-ndfu-c3bq", "summary": "Cross-site Scripting\nShopware has XSS via the Query String to the `backend/Login` or `backend/Login/load/` URI.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12935", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0358", "scoring_system": "epss", "scoring_elements": "0.8794", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12935" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Jun/32", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Jun/32" }, { "reference_url": "https://www.netsparker.com/web-applications-advisories/ns-19-004-cross-site-scripting-in-shopware", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.netsparker.com/web-applications-advisories/ns-19-004-cross-site-scripting-in-shopware" }, { "reference_url": "https://www.netsparker.com/web-applications-advisories/ns-19-004-cross-site-scripting-in-shopware/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.netsparker.com/web-applications-advisories/ns-19-004-cross-site-scripting-in-shopware/" }, { "reference_url": "https://www.shopware.com/en/changelog/#5-5-8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.shopware.com/en/changelog/#5-5-8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12935", "reference_id": "CVE-2019-12935", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12935" }, { "reference_url": "https://github.com/advisories/GHSA-8qxh-hcr9-2379", "reference_id": "GHSA-8qxh-hcr9-2379", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8qxh-hcr9-2379" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57244?format=api", "purl": "pkg:composer/shopware/shopware@5.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ser-mx5j-6fgq" }, { "vulnerability": "VCID-64sz-7hp3-ykds" }, { "vulnerability": "VCID-6cb3-b3qq-juap" }, { "vulnerability": "VCID-723p-njjg-efbn" }, { "vulnerability": "VCID-8n77-xfpc-sucm" }, { "vulnerability": "VCID-961c-853p-xyfv" }, { "vulnerability": "VCID-aqye-gbxj-4kbv" }, { "vulnerability": "VCID-bgek-xyh7-ffbu" }, { "vulnerability": "VCID-cmgu-xukg-cfdz" }, { "vulnerability": "VCID-hxmy-gvzy-ufcg" }, { "vulnerability": "VCID-j2nj-awm2-kffb" }, { "vulnerability": "VCID-jdsx-yw76-9feu" }, { "vulnerability": "VCID-mekd-thy7-63cz" }, { "vulnerability": "VCID-mg54-375u-vfhr" }, { "vulnerability": "VCID-qdc8-dtad-zfaj" }, { "vulnerability": "VCID-s65a-68au-eyeg" }, { "vulnerability": "VCID-vzee-b74h-jqez" }, { "vulnerability": "VCID-wb2q-jutm-gkgu" }, { "vulnerability": "VCID-wxfs-kd2p-nbbv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.5.8" } ], "aliases": [ "CVE-2019-12935", "GHSA-8qxh-hcr9-2379" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c3rs-ndfu-c3bq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15635?format=api", "vulnerability_id": "VCID-cmgu-xukg-cfdz", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nShopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24873", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60845", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24873" }, { "reference_url": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:07:52Z/" } ], "url": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022" }, { "reference_url": "https://github.com/shopware/shopware", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/shopware" }, { "reference_url": "https://www.shopware.com/en/changelog-sw5/#5-7-9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:07:52Z/" } ], "url": "https://www.shopware.com/en/changelog-sw5/#5-7-9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24873", "reference_id": "CVE-2022-24873", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24873" }, { "reference_url": "https://github.com/advisories/GHSA-4g29-fccr-p59w", "reference_id": "GHSA-4g29-fccr-p59w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4g29-fccr-p59w" }, { "reference_url": "https://github.com/shopware/shopware/security/advisories/GHSA-4g29-fccr-p59w", "reference_id": "GHSA-4g29-fccr-p59w", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:07:52Z/" } ], "url": "https://github.com/shopware/shopware/security/advisories/GHSA-4g29-fccr-p59w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60549?format=api", "purl": "pkg:composer/shopware/shopware@5.7.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bgek-xyh7-ffbu" }, { "vulnerability": "VCID-hxmy-gvzy-ufcg" }, { "vulnerability": "VCID-mekd-thy7-63cz" }, { "vulnerability": "VCID-trhv-dwjm-zfav" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.9" } ], "aliases": [ "CVE-2022-24873", "GHSA-4g29-fccr-p59w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cmgu-xukg-cfdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11794?format=api", "vulnerability_id": "VCID-ecce-958d-k3fx", "summary": "Cross-site Scripting\nShopware is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the customer and orders section of the backend.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15374", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03459", "scoring_system": "epss", "scoring_elements": "0.87732", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15374" }, { "reference_url": "https://www.exploit-db.com/exploits/43849", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/43849" }, { "reference_url": "https://www.vulnerability-lab.com/get_content.php?id=1922", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.vulnerability-lab.com/get_content.php?id=1922" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/json/webapps/43849.txt", "reference_id": "CVE-2017-15374", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/json/webapps/43849.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15374", "reference_id": "CVE-2017-15374", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15374" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53413?format=api", "purl": "pkg:composer/shopware/shopware@5.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ser-mx5j-6fgq" }, { "vulnerability": "VCID-2xvz-338c-dygp" }, { "vulnerability": "VCID-64sz-7hp3-ykds" }, { "vulnerability": "VCID-6cb3-b3qq-juap" }, { "vulnerability": "VCID-723p-njjg-efbn" }, { "vulnerability": "VCID-8n77-xfpc-sucm" }, { "vulnerability": "VCID-961c-853p-xyfv" }, { "vulnerability": "VCID-aqye-gbxj-4kbv" }, { "vulnerability": "VCID-bgek-xyh7-ffbu" }, { "vulnerability": "VCID-c3rs-ndfu-c3bq" }, { "vulnerability": "VCID-cmgu-xukg-cfdz" }, { "vulnerability": "VCID-hxmy-gvzy-ufcg" }, { "vulnerability": "VCID-j2nj-awm2-kffb" }, { "vulnerability": "VCID-jdsx-yw76-9feu" }, { "vulnerability": "VCID-mekd-thy7-63cz" }, { "vulnerability": "VCID-mg54-375u-vfhr" }, { "vulnerability": "VCID-pb56-zbvy-q7b9" }, { "vulnerability": "VCID-qdc8-dtad-zfaj" }, { "vulnerability": "VCID-s65a-68au-eyeg" }, { "vulnerability": "VCID-vzee-b74h-jqez" }, { "vulnerability": "VCID-vzv3-795x-gfhd" }, { "vulnerability": "VCID-wb2q-jutm-gkgu" }, { "vulnerability": "VCID-wxfs-kd2p-nbbv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.3.4" } ], "aliases": [ "CVE-2017-15374", "GHSA-mvrx-cmqw-2jgj" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ecce-958d-k3fx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/201115?format=api", "vulnerability_id": "VCID-hxmy-gvzy-ufcg", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36102", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.70147", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36102" }, { "reference_url": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-09-2022", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:00Z/" } ], "url": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-09-2022" }, { "reference_url": "https://github.com/shopware/shopware", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/shopware" }, { "reference_url": "https://github.com/shopware/shopware/commit/de92d3a78279119a5bbe203054f8fa1d25126af6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:00Z/" } ], "url": "https://github.com/shopware/shopware/commit/de92d3a78279119a5bbe203054f8fa1d25126af6" }, { "reference_url": "https://packagist.org/packages/shopware/shopware", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:00Z/" } ], "url": "https://packagist.org/packages/shopware/shopware" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36102", "reference_id": "CVE-2022-36102", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36102" }, { "reference_url": "https://github.com/advisories/GHSA-qc43-pgwq-3q2q", "reference_id": "GHSA-qc43-pgwq-3q2q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qc43-pgwq-3q2q" }, { "reference_url": "https://github.com/shopware/shopware/security/advisories/GHSA-qc43-pgwq-3q2q", "reference_id": "GHSA-qc43-pgwq-3q2q", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:00Z/" } ], "url": "https://github.com/shopware/shopware/security/advisories/GHSA-qc43-pgwq-3q2q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79199?format=api", "purl": "pkg:composer/shopware/shopware@5.7.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bgek-xyh7-ffbu" }, { "vulnerability": "VCID-trhv-dwjm-zfav" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.15" } ], "aliases": [ "CVE-2022-36102", "GHSA-qc43-pgwq-3q2q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hxmy-gvzy-ufcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15543?format=api", "vulnerability_id": "VCID-j2nj-awm2-kffb", "summary": "Incorrect Permission Assignment for Critical Resource\nShopware is an open commerce platform based on Symfony Framework and Vue. Permissions set to sales channel context by admin-api are still usable within normal user session. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24872", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40504", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24872" }, { "reference_url": "https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022" }, { "reference_url": "https://github.com/shopware/platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/platform" }, { "reference_url": "https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24872", "reference_id": "CVE-2022-24872", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24872" }, { "reference_url": "https://github.com/advisories/GHSA-9wrv-g75h-8ccc", "reference_id": "GHSA-9wrv-g75h-8ccc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9wrv-g75h-8ccc" }, { "reference_url": "https://github.com/shopware/platform/security/advisories/GHSA-9wrv-g75h-8ccc", "reference_id": "GHSA-9wrv-g75h-8ccc", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/platform/security/advisories/GHSA-9wrv-g75h-8ccc" } ], "fixed_packages": [], "aliases": [ "CVE-2022-24872", "GHSA-9wrv-g75h-8ccc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j2nj-awm2-kffb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/154042?format=api", "vulnerability_id": "VCID-jdsx-yw76-9feu", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13970", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.61249", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13970" }, { "reference_url": "https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020" }, { "reference_url": "https://github.com/shopware/platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13970", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13970" }, { "reference_url": "https://www.shopware.com/en/changelog/#6-2-3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.shopware.com/en/changelog/#6-2-3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/417789?format=api", "purl": "pkg:composer/shopware/shopware@6.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@6.2.3" } ], "aliases": [ "CVE-2020-13970", "GHSA-5vmg-x99g-396q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jdsx-yw76-9feu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/201114?format=api", "vulnerability_id": "VCID-mekd-thy7-63cz", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36101", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64652", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36101" }, { "reference_url": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-09-2022", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:02Z/" } ], "url": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-09-2022" }, { "reference_url": "https://github.com/shopware/shopware", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/shopware" }, { "reference_url": "https://github.com/shopware/shopware/commit/af5cdbc81d60f21b728e1433aeb8837f25938d2a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:02Z/" } ], "url": "https://github.com/shopware/shopware/commit/af5cdbc81d60f21b728e1433aeb8837f25938d2a" }, { "reference_url": "https://packagist.org/packages/shopware/shopware", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:02Z/" } ], "url": "https://packagist.org/packages/shopware/shopware" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36101", "reference_id": "CVE-2022-36101", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36101" }, { "reference_url": "https://github.com/advisories/GHSA-6vfq-jmxg-g58r", "reference_id": "GHSA-6vfq-jmxg-g58r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6vfq-jmxg-g58r" }, { "reference_url": "https://github.com/shopware/shopware/security/advisories/GHSA-6vfq-jmxg-g58r", "reference_id": "GHSA-6vfq-jmxg-g58r", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:02Z/" } ], "url": "https://github.com/shopware/shopware/security/advisories/GHSA-6vfq-jmxg-g58r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79199?format=api", "purl": "pkg:composer/shopware/shopware@5.7.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bgek-xyh7-ffbu" }, { "vulnerability": "VCID-trhv-dwjm-zfav" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.15" } ], "aliases": [ "CVE-2022-36101", "GHSA-6vfq-jmxg-g58r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mekd-thy7-63cz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15630?format=api", "vulnerability_id": "VCID-mg54-375u-vfhr", "summary": "Weak Password Recovery Mechanism for Forgotten Password\nShopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim's account if they somehow gain access to the victims email account and find an unused password reset token in the emails. This issue is fixed in version 5.7.9.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24892", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52104", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24892" }, { "reference_url": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:43Z/" } ], "url": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022" }, { "reference_url": "https://github.com/shopware/shopware", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/shopware" }, { "reference_url": "https://www.shopware.com/en/changelog-sw5/#5-7-9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:43Z/" } ], "url": "https://www.shopware.com/en/changelog-sw5/#5-7-9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24892", "reference_id": "CVE-2022-24892", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24892" }, { "reference_url": "https://github.com/advisories/GHSA-3qrq-r688-vvh4", "reference_id": "GHSA-3qrq-r688-vvh4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3qrq-r688-vvh4" }, { "reference_url": "https://github.com/shopware/shopware/security/advisories/GHSA-3qrq-r688-vvh4", "reference_id": "GHSA-3qrq-r688-vvh4", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:43Z/" } ], "url": "https://github.com/shopware/shopware/security/advisories/GHSA-3qrq-r688-vvh4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60549?format=api", "purl": "pkg:composer/shopware/shopware@5.7.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bgek-xyh7-ffbu" }, { "vulnerability": "VCID-hxmy-gvzy-ufcg" }, { "vulnerability": "VCID-mekd-thy7-63cz" }, { "vulnerability": "VCID-trhv-dwjm-zfav" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.9" } ], "aliases": [ "CVE-2022-24892", "GHSA-3qrq-r688-vvh4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mg54-375u-vfhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13237?format=api", "vulnerability_id": "VCID-mu45-9nhk-f7a5", "summary": "Externally Controlled Reference to a Resource in Another Sphere\nShopware has a PHP Object Instantiation issue via the `sort` parameter to the `loadPreviewAction()` method of the `Shopware_Controllers_Backend_ProductStream` controller, with resultant XXE via instantiation of a `SimpleXMLElement` object.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/152995/Shopware-createInstanceFromNamedArguments-PHP-Object-Instantiation.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/152995/Shopware-createInstanceFromNamedArguments-PHP-Object-Instantiation.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18357", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.57295", "scoring_system": "epss", "scoring_elements": "0.98184", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18357" }, { "reference_url": "https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe" }, { "reference_url": "https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe/" }, { "reference_url": "https://demo.ripstech.com/projects/shopware_5.3.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://demo.ripstech.com/projects/shopware_5.3.3" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46915.rb", "reference_id": "CVE-2017-18357", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46915.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18357", "reference_id": "CVE-2017-18357", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18357" }, { "reference_url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/shopware_createinstancefromnamedarguments_rce.rb", "reference_id": "CVE-2017-18357", "reference_type": "exploit", "scores": [], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/shopware_createinstancefromnamedarguments_rce.rb" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53413?format=api", "purl": "pkg:composer/shopware/shopware@5.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ser-mx5j-6fgq" }, { "vulnerability": "VCID-2xvz-338c-dygp" }, { "vulnerability": "VCID-64sz-7hp3-ykds" }, { "vulnerability": "VCID-6cb3-b3qq-juap" }, { "vulnerability": "VCID-723p-njjg-efbn" }, { "vulnerability": "VCID-8n77-xfpc-sucm" }, { "vulnerability": "VCID-961c-853p-xyfv" }, { "vulnerability": "VCID-aqye-gbxj-4kbv" }, { "vulnerability": "VCID-bgek-xyh7-ffbu" }, { "vulnerability": "VCID-c3rs-ndfu-c3bq" }, { "vulnerability": "VCID-cmgu-xukg-cfdz" }, { "vulnerability": "VCID-hxmy-gvzy-ufcg" }, { "vulnerability": "VCID-j2nj-awm2-kffb" }, { "vulnerability": "VCID-jdsx-yw76-9feu" }, { "vulnerability": "VCID-mekd-thy7-63cz" }, { "vulnerability": "VCID-mg54-375u-vfhr" }, { "vulnerability": "VCID-pb56-zbvy-q7b9" }, { "vulnerability": "VCID-qdc8-dtad-zfaj" }, { "vulnerability": "VCID-s65a-68au-eyeg" }, { "vulnerability": "VCID-vzee-b74h-jqez" }, { "vulnerability": "VCID-vzv3-795x-gfhd" }, { "vulnerability": "VCID-wb2q-jutm-gkgu" }, { "vulnerability": "VCID-wxfs-kd2p-nbbv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.3.4" } ], "aliases": [ "CVE-2017-18357", "GHSA-6m27-7cqj-2mxw" ], "risk_score": 0.2, "exploitability": "0.5", "weighted_severity": "0.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mu45-9nhk-f7a5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12077?format=api", "vulnerability_id": "VCID-pb56-zbvy-q7b9", "summary": "Non-Persistent XSS\nShopware is affected by two non-persistent Cross-site Scripting (XSS) vulnerabilities in the frontend.", "references": [ { "reference_url": "http://en.community.shopware.com/_detail_2048.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://en.community.shopware.com/_detail_2048.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53852?format=api", "purl": "pkg:composer/shopware/shopware@5.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ser-mx5j-6fgq" }, { "vulnerability": "VCID-64sz-7hp3-ykds" }, { "vulnerability": "VCID-6cb3-b3qq-juap" }, { "vulnerability": "VCID-723p-njjg-efbn" }, { "vulnerability": "VCID-8n77-xfpc-sucm" }, { "vulnerability": "VCID-961c-853p-xyfv" }, { "vulnerability": "VCID-aqye-gbxj-4kbv" }, { "vulnerability": "VCID-bgek-xyh7-ffbu" }, { "vulnerability": "VCID-c3rs-ndfu-c3bq" }, { "vulnerability": "VCID-cmgu-xukg-cfdz" }, { "vulnerability": "VCID-hxmy-gvzy-ufcg" }, { "vulnerability": "VCID-j2nj-awm2-kffb" }, { "vulnerability": "VCID-jdsx-yw76-9feu" }, { "vulnerability": "VCID-mekd-thy7-63cz" }, { "vulnerability": "VCID-mg54-375u-vfhr" }, { "vulnerability": "VCID-qdc8-dtad-zfaj" }, { "vulnerability": "VCID-s65a-68au-eyeg" }, { "vulnerability": "VCID-vzee-b74h-jqez" }, { "vulnerability": "VCID-vzv3-795x-gfhd" }, { "vulnerability": "VCID-wb2q-jutm-gkgu" }, { "vulnerability": "VCID-wxfs-kd2p-nbbv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.3.7" } ], "aliases": [ "SW-20878" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pb56-zbvy-q7b9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/154043?format=api", "vulnerability_id": "VCID-qdc8-dtad-zfaj", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13971", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54183", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13971" }, { "reference_url": "https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020" }, { "reference_url": "https://github.com/shopware/platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/platform" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13971", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13971" }, { "reference_url": "https://www.shopware.com/en/changelog/#6-2-3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.shopware.com/en/changelog/#6-2-3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/417789?format=api", "purl": "pkg:composer/shopware/shopware@6.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@6.2.3" } ], "aliases": [ "CVE-2020-13971", "GHSA-fxf3-wx3c-76pf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qdc8-dtad-zfaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/348060?format=api", "vulnerability_id": "VCID-s65a-68au-eyeg", "summary": "### Impact\nPersistent XSS in shopping worlds\n\n### Patches\n\nWe recommend updating to the current version 5.6.9. You can get the update to 5.6.9 regularly via the Auto-Updater or directly via the download overview.\n\nFor older versions you can use the Security Plugin:\nhttps://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html\n\n### References\nhttps://docs.shopware.com/en/shopware-5-en/security-updates/security-update-11-2020", "references": [ { "reference_url": "https://github.com/shopware/shopware/security/advisories/GHSA-28fw-88hq-6jmm", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/shopware/security/advisories/GHSA-28fw-88hq-6jmm" }, { "reference_url": "https://github.com/advisories/GHSA-28fw-88hq-6jmm", "reference_id": "GHSA-28fw-88hq-6jmm", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-28fw-88hq-6jmm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/202987?format=api", "purl": "pkg:composer/shopware/shopware@5.6.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-723p-njjg-efbn" }, { "vulnerability": "VCID-8n77-xfpc-sucm" }, { "vulnerability": "VCID-961c-853p-xyfv" }, { "vulnerability": "VCID-aqye-gbxj-4kbv" }, { "vulnerability": "VCID-bgek-xyh7-ffbu" }, { "vulnerability": "VCID-c31u-jza2-hke9" }, { "vulnerability": "VCID-cmgu-xukg-cfdz" }, { "vulnerability": "VCID-hxmy-gvzy-ufcg" }, { "vulnerability": "VCID-j2nj-awm2-kffb" }, { "vulnerability": "VCID-mekd-thy7-63cz" }, { "vulnerability": "VCID-mg54-375u-vfhr" }, { "vulnerability": "VCID-trhv-dwjm-zfav" }, { "vulnerability": "VCID-wb2q-jutm-gkgu" }, { "vulnerability": "VCID-wxfs-kd2p-nbbv" }, { "vulnerability": "VCID-zhc5-hvqg-gbf4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.6.9" } ], "aliases": [ "GHSA-28fw-88hq-6jmm", "GMS-2020-599" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s65a-68au-eyeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/348054?format=api", "vulnerability_id": "VCID-vzee-b74h-jqez", "summary": "Persistent XSS in customer module in Shopware\n### Impact\nPersistent XSS in customer module\n\n### Patches\n\nWe recommend updating to the current version 5.6.9. You can get the update to 5.6.9 regularly via the Auto-Updater or directly via the download overview.\n\nFor older versions you can use the Security Plugin:\nhttps://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html\n\n### References\nhttps://docs.shopware.com/en/shopware-5-en/security-updates/security-update-11-2020", "references": [ { "reference_url": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-11-2020", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-11-2020" }, { "reference_url": "https://github.com/shopware/shopware/security/advisories/GHSA-6gv9-7q4g-pmvm", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/shopware/security/advisories/GHSA-6gv9-7q4g-pmvm" }, { "reference_url": "https://github.com/advisories/GHSA-6gv9-7q4g-pmvm", "reference_id": "GHSA-6gv9-7q4g-pmvm", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6gv9-7q4g-pmvm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/202987?format=api", "purl": "pkg:composer/shopware/shopware@5.6.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-723p-njjg-efbn" }, { "vulnerability": "VCID-8n77-xfpc-sucm" }, { "vulnerability": "VCID-961c-853p-xyfv" }, { "vulnerability": "VCID-aqye-gbxj-4kbv" }, { "vulnerability": "VCID-bgek-xyh7-ffbu" }, { "vulnerability": "VCID-c31u-jza2-hke9" }, { "vulnerability": "VCID-cmgu-xukg-cfdz" }, { "vulnerability": "VCID-hxmy-gvzy-ufcg" }, { "vulnerability": "VCID-j2nj-awm2-kffb" }, { "vulnerability": "VCID-mekd-thy7-63cz" }, { "vulnerability": "VCID-mg54-375u-vfhr" }, { "vulnerability": "VCID-trhv-dwjm-zfav" }, { "vulnerability": "VCID-wb2q-jutm-gkgu" }, { "vulnerability": "VCID-wxfs-kd2p-nbbv" }, { "vulnerability": "VCID-zhc5-hvqg-gbf4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.6.9" } ], "aliases": [ "GHSA-6gv9-7q4g-pmvm", "GMS-2020-600" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vzee-b74h-jqez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13238?format=api", "vulnerability_id": "VCID-vzv3-795x-gfhd", "summary": "Shopware allows SQL Injection by remote authenticated users.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20713", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70371", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20713" }, { "reference_url": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-05-2018", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-05-2018" }, { "reference_url": "https://github.com/shopware5/shopware/commit/73cb46727050e28a0d7c2cf8471baaa3eaf2e5e8", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware5/shopware/commit/73cb46727050e28a0d7c2cf8471baaa3eaf2e5e8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20713", "reference_id": "CVE-2018-20713", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20713" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56326?format=api", "purl": "pkg:composer/shopware/shopware@5.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ser-mx5j-6fgq" }, { "vulnerability": "VCID-64sz-7hp3-ykds" }, { "vulnerability": "VCID-6cb3-b3qq-juap" }, { "vulnerability": "VCID-723p-njjg-efbn" }, { "vulnerability": "VCID-8n77-xfpc-sucm" }, { "vulnerability": "VCID-961c-853p-xyfv" }, { "vulnerability": "VCID-aqye-gbxj-4kbv" }, { "vulnerability": "VCID-bgek-xyh7-ffbu" }, { "vulnerability": "VCID-c3rs-ndfu-c3bq" }, { "vulnerability": "VCID-cmgu-xukg-cfdz" }, { "vulnerability": "VCID-hxmy-gvzy-ufcg" }, { "vulnerability": "VCID-j2nj-awm2-kffb" }, { "vulnerability": "VCID-jdsx-yw76-9feu" }, { "vulnerability": "VCID-mekd-thy7-63cz" }, { "vulnerability": "VCID-mg54-375u-vfhr" }, { "vulnerability": "VCID-qdc8-dtad-zfaj" }, { "vulnerability": "VCID-s65a-68au-eyeg" }, { "vulnerability": "VCID-vzee-b74h-jqez" }, { "vulnerability": "VCID-wb2q-jutm-gkgu" }, { "vulnerability": "VCID-wxfs-kd2p-nbbv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.4.3" } ], "aliases": [ "CVE-2018-20713", "GHSA-42gv-77f4-r3j9" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vzv3-795x-gfhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15211?format=api", "vulnerability_id": "VCID-wb2q-jutm-gkgu", "summary": "Insufficient Session Expiration\nShopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24744", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36548", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24744" }, { "reference_url": "https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2022?category=security-updates", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2022?category=security-updates" }, { "reference_url": "https://github.com/shopware/core/commit/324cd1b57db58481df1b1d0030ffc307e2d9fe64", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/core/commit/324cd1b57db58481df1b1d0030ffc307e2d9fe64" }, { "reference_url": "https://github.com/shopware/platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/platform" }, { "reference_url": "https://github.com/shopware/platform/commit/47b4b094c13f62db860be2f431138bb45c0bd0b6", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/platform/commit/47b4b094c13f62db860be2f431138bb45c0bd0b6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24744", "reference_id": "CVE-2022-24744", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24744" }, { "reference_url": "https://github.com/advisories/GHSA-w267-m9c4-8555", "reference_id": "GHSA-w267-m9c4-8555", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w267-m9c4-8555" }, { "reference_url": "https://github.com/shopware/platform/security/advisories/GHSA-w267-m9c4-8555", "reference_id": "GHSA-w267-m9c4-8555", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:14Z/" } ], "url": "https://github.com/shopware/platform/security/advisories/GHSA-w267-m9c4-8555" } ], "fixed_packages": [], "aliases": [ "CVE-2022-24744", "GHSA-w267-m9c4-8555" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wb2q-jutm-gkgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15544?format=api", "vulnerability_id": "VCID-wxfs-kd2p-nbbv", "summary": "Server-Side Request Forgery (SSRF) in Shopware\nShopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24871", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57573", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24871" }, { "reference_url": "https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022" }, { "reference_url": "https://github.com/shopware/platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/platform" }, { "reference_url": "https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24871", "reference_id": "CVE-2022-24871", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24871" }, { "reference_url": "https://github.com/advisories/GHSA-7gm7-8q8v-9gf2", "reference_id": "GHSA-7gm7-8q8v-9gf2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7gm7-8q8v-9gf2" }, { "reference_url": "https://github.com/shopware/platform/security/advisories/GHSA-7gm7-8q8v-9gf2", "reference_id": "GHSA-7gm7-8q8v-9gf2", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/shopware/platform/security/advisories/GHSA-7gm7-8q8v-9gf2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60403?format=api", "purl": "pkg:composer/shopware/shopware@6.4.10%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@6.4.10%252B1" } ], "aliases": [ "CVE-2022-24871", "GHSA-7gm7-8q8v-9gf2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wxfs-kd2p-nbbv" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12083?format=api", "vulnerability_id": "VCID-c8p5-grny-sue7", "summary": "Cross-site Scripting\nNon-Persistent XSS in shopware.", "references": [ { "reference_url": "https://community.shopware.com/_detail_2048.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://community.shopware.com/_detail_2048.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53869?format=api", "purl": "pkg:composer/shopware/shopware@5.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ser-mx5j-6fgq" }, { "vulnerability": "VCID-2xvz-338c-dygp" }, { "vulnerability": "VCID-64sz-7hp3-ykds" }, { "vulnerability": "VCID-6cb3-b3qq-juap" }, { "vulnerability": "VCID-723p-njjg-efbn" }, { "vulnerability": "VCID-8n77-xfpc-sucm" }, { "vulnerability": "VCID-961c-853p-xyfv" }, { "vulnerability": "VCID-aqye-gbxj-4kbv" }, { "vulnerability": "VCID-bgek-xyh7-ffbu" }, { "vulnerability": "VCID-c3rs-ndfu-c3bq" }, { "vulnerability": "VCID-cmgu-xukg-cfdz" }, { "vulnerability": "VCID-ecce-958d-k3fx" }, { "vulnerability": "VCID-hxmy-gvzy-ufcg" }, { "vulnerability": "VCID-j2nj-awm2-kffb" }, { "vulnerability": "VCID-jdsx-yw76-9feu" }, { "vulnerability": "VCID-mekd-thy7-63cz" }, { "vulnerability": "VCID-mg54-375u-vfhr" }, { "vulnerability": "VCID-mu45-9nhk-f7a5" }, { "vulnerability": "VCID-pb56-zbvy-q7b9" }, { "vulnerability": "VCID-qdc8-dtad-zfaj" }, { "vulnerability": "VCID-s65a-68au-eyeg" }, { "vulnerability": "VCID-vzee-b74h-jqez" }, { "vulnerability": "VCID-vzv3-795x-gfhd" }, { "vulnerability": "VCID-wb2q-jutm-gkgu" }, { "vulnerability": "VCID-wxfs-kd2p-nbbv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.3.0" } ], "aliases": [ "GMS-2018-77" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c8p5-grny-sue7" } ], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.3.0" }