{"url":"http://public2.vulnerablecode.io/api/packages/100496?format=json","purl":"pkg:composer/shopware/shopware@5.2.0-RC3","type":"composer","namespace":"shopware","name":"shopware","version":"5.2.0-RC3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.7.18","latest_non_vulnerable_version":"5.7.18","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/348057?format=json","vulnerability_id":"VCID-1ser-mx5j-6fgq","summary":"Persistent XSS in newsletter module in Shopware\n### Impact\nPersistent XSS in newsletter module\n\n### Patches\n\nWe recommend updating to the current version 5.6.9. You can get the update to 5.6.9 regularly via the Auto-Updater or directly via the download overview.\n\nFor older versions you can use the Security Plugin:\nhttps://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html\n\n### References\nhttps://docs.shopware.com/en/shopware-5-en/security-updates/security-update-11-2020","references":[{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-11-2020","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-11-2020"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-hrfh-fp4x-crrq","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-hrfh-fp4x-crrq"},{"reference_url":"https://github.com/advisories/GHSA-hrfh-fp4x-crrq","reference_id":"GHSA-hrfh-fp4x-crrq","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hrfh-fp4x-crrq"}],"fixed_packages":[{"url
":"http://public2.vulnerablecode.io/api/packages/202987?format=json","purl":"pkg:composer/shopware/shopware@5.6.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-723p-njjg-efbn"},{"vulnerability":"VCID-8n77-xfpc-sucm"},{"vulnerability":"VCID-961c-853p-xyfv"},{"vulnerability":"VCID-aqye-gbxj-4kbv"},{"vulnerability":"VCID-bgek-xyh7-ffbu"},{"vulnerability":"VCID-c31u-jza2-hke9"},{"vulnerability":"VCID-cmgu-xukg-cfdz"},{"vulnerability":"VCID-hxmy-gvzy-ufcg"},{"vulnerability":"VCID-j2nj-awm2-kffb"},{"vulnerability":"VCID-mekd-thy7-63cz"},{"vulnerability":"VCID-mg54-375u-vfhr"},{"vulnerability":"VCID-trhv-dwjm-zfav"},{"vulnerability":"VCID-wb2q-jutm-gkgu"},{"vulnerability":"VCID-wxfs-kd2p-nbbv"},{"vulnerability":"VCID-zhc5-hvqg-gbf4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.6.9"}],"aliases":["GHSA-hrfh-fp4x-crrq","GMS-2020-601"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ser-mx5j-6fgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/340827?format=json","vulnerability_id":"VCID-3ntq-mhs1-buex","summary":"Shopware Remote Code Execution 
Vulnerability","references":[{"reference_url":"https://community.shopware.com/_detail_2015.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://community.shopware.com/_detail_2015.html"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2017?category=shopware-5-en/security-updates","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2017?category=shopware-5-en/security-updates"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/shopware/shopware/2017-06-22.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/shopware/shopware/2017-06-22.yaml"},{"reference_url":"https://github.com/shopware5/shopware","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware5/shopware"},{"reference_url":"https://github.com/shopware5/shopware/commit/8f6a7cefcba7547276892b82f64e4874c1a0dfed","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_s
ystem":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware5/shopware/commit/8f6a7cefcba7547276892b82f64e4874c1a0dfed"},{"reference_url":"https://github.com/advisories/GHSA-83jv-4prm-34g7","reference_id":"GHSA-83jv-4prm-34g7","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-83jv-4prm-34g7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52619?format=json","purl":"pkg:composer/shopware/shopware@5.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ser-mx5j-6fgq"},{"vulnerability":"VCID-2xvz-338c-dygp"},{"vulnerability":"VCID-64sz-7hp3-ykds"},{"vulnerability":"VCID-6cb3-b3qq-juap"},{"vulnerability":"VCID-723p-njjg-efbn"},{"vulnerability":"VCID-8n77-xfpc-sucm"},{"vulnerability":"VCID-961c-853p-xyfv"},{"vulnerability":"VCID-aqye-gbxj-4kbv"},{"vulnerability":"VCID-bgek-xyh7-ffbu"},{"vulnerability":"VCID-c3rs-ndfu-c3bq"},{"vulnerability":"VCID-c8p5-grny-sue7"},{"vulnerability":"VCID-cmgu-xukg-cfdz"},{"vulnerability":"VCID-ecce-958d-k3fx"},{"vulnerability":"VCID-hxmy-gvzy-ufcg"},{"vulnerability":"VCID-j2nj-awm2-kffb"},{"vulnerability":"VCID-jdsx-yw76-9feu"},{"vulnerability":"VCID-mekd-thy7-63cz"},{"vulnerability":"VCID-mg54-375u-vfhr"},{"vulnerability":"VCID-mu45-9nhk-f7a5"},{"vulnerability":"VCID-pb56-zbvy-q7b9"},{"vulnerability":"VCID-qdc8-dtad-zfaj"},{"vulnerability":"VCID-s65a-68au-eyeg"},{"vulnerability":"VCID-vzee-b74h-jqez"},{"vulnerability":"VCID-vzv3-795x-gfhd"},{"vulnerability":"VCID-wb2q-jutm-gkgu"},{"vulnerability":"VCID-wxfs-kd2p-nbbv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.2.25"}],"aliases":["GHSA-83jv-4prm-34g7"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ntq-mhs1-buex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/154062?
format=json","vulnerability_id":"VCID-64sz-7hp3-ykds","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13997","reference_id":"","reference_type":"","scores":[{"value":"0.0084","scoring_system":"epss","scoring_elements":"0.75028","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13997"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13997","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13997"},{"reference_url":"https://www.shopware.com/en/changelog/#6-2-3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.shopware.com/en/changelog/#6-2-3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/417789?format=json","purl":"pkg:composer/shopware/shopware@6.2.3","is_vulnerabl
e":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@6.2.3"}],"aliases":["CVE-2020-13997","GHSA-r4ph-mx67-x58p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-64sz-7hp3-ykds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13716?format=json","vulnerability_id":"VCID-6cb3-b3qq-juap","summary":"Deserialization of Untrusted Data\nIn `createInstanceFromNamedArguments` in Shopware, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. An attacker can leverage this deserialization to achieve remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12799","reference_id":"","reference_type":"","scores":[{"value":"0.24236","scoring_system":"epss","scoring_elements":"0.96183","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12799"},{"reference_url":"https://github.com/advisories/GHSA-6m27-7cqj-2mxw","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6m27-7cqj-2mxw"},{"reference_url":"https://github.com/rapid7/metasploit-framework/pull/11828","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rapid7/metasploit-framework/pull/11828"},{"reference_url":"https://github.com/shopware5/shopware","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","
scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware5/shopware"},{"reference_url":"https://web.archive.org/web/20171112153855/https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20171112153855/https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12799","reference_id":"CVE-2019-12799","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12799"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57225?format=json","purl":"pkg:composer/shopware/shopware@5.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ser-mx5j-6fgq"},{"vulnerability":"VCID-64sz-7hp3-ykds"},{"vulnerability":"VCID-723p-njjg-efbn"},{"vulnerability":"VCID-8n77-xfpc-sucm"},{"vulnerability":"VCID-961c-853p-xyfv"},{"vulnerability":"VCID-aqye-gbxj-4kbv"},{"vulnerability":"VCID-bgek-xyh7-ffbu"},{"vulnerability":"VCID-cmgu-xukg-cfdz"},{"vulnerability":"VCID-hxmy-gvzy-ufcg"},{"vulnerability":"VCID-j2nj-awm2-kffb"},{"vulnerability":"VCID-jdsx-yw76-9feu"},{"vulnerability":"VCID-mekd-thy7-63cz"},{"vulnerability":"VCID-mg54-375u-vfhr"},{"vulnerability":"VCID-qdc8-dtad-zfaj"},{"vulnerability":"VCID-s65a-68au-eyeg"},{"vulnerability":"VCID-trhv-dwjm-zfav"},{"vulnerability":"VCID-vzee-b74h-jqez"},{"vulnerability":"VCID-wb2q-jutm-gkgu"},{"vulnerability":"VCID-wxfs-
kd2p-nbbv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.6.1"}],"aliases":["CVE-2019-12799","GHSA-rf8f-hqjv-986p"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6cb3-b3qq-juap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14572?format=json","vulnerability_id":"VCID-723p-njjg-efbn","summary":"URL Redirection to Untrusted Site ('Open Redirect')\nShopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrarily redirected due to incomplete URL handling in the shopware router. This issue has been resolved. There is no workaround and users are advised to upgrade as soon as possible.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21651","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49767","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21651"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/securityupdates/security-update-01-2022","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:34Z/"}],"url":"https://docs.shopware.com/en/shopware-5-en/securityupdates/security-update-01-2022"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopwa
re"},{"reference_url":"https://github.com/shopware/shopware/commit/a90046c765c57a46c4399dce17bd174253c32886","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:34Z/"}],"url":"https://github.com/shopware/shopware/commit/a90046c765c57a46c4399dce17bd174253c32886"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21651","reference_id":"CVE-2022-21651","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21651"},{"reference_url":"https://github.com/advisories/GHSA-c53v-qmrx-93hg","reference_id":"GHSA-c53v-qmrx-93hg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c53v-qmrx-93hg"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-c53v-qmrx-93hg","reference_id":"GHSA-c53v-qmrx-93hg","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:34Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-c53v-qmrx-93hg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58955?format=json","purl":"pkg:composer/shopware/shopware@5.7.7","is_vulnerable":true,"aff
ected_by_vulnerabilities":[{"vulnerability":"VCID-8n77-xfpc-sucm"},{"vulnerability":"VCID-bgek-xyh7-ffbu"},{"vulnerability":"VCID-cmgu-xukg-cfdz"},{"vulnerability":"VCID-hxmy-gvzy-ufcg"},{"vulnerability":"VCID-j2nj-awm2-kffb"},{"vulnerability":"VCID-mekd-thy7-63cz"},{"vulnerability":"VCID-mg54-375u-vfhr"},{"vulnerability":"VCID-trhv-dwjm-zfav"},{"vulnerability":"VCID-wb2q-jutm-gkgu"},{"vulnerability":"VCID-wxfs-kd2p-nbbv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.7"}],"aliases":["CVE-2022-21651","GHSA-c53v-qmrx-93hg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-723p-njjg-efbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14251?format=json","vulnerability_id":"VCID-961c-853p-xyfv","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nShopware is open source e-commerce software. Affected versions contain a cross-site scripting vulnerability. This issue is patched. Two workarounds are available. Using the security plugin or adding a particular config to the `.htaccess` file will protect against cross-site scripting in this case. There is also a config for those using nginx as a server. 
The plugin and the configs can be found on the GitHub Security Advisory page for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41188","reference_id":"","reference_type":"","scores":[{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66793","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41188"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/sicherheitsupdates/security-update-10-2021","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-5-en/sicherheitsupdates/security-update-10-2021"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/commit/37213e91d525c95df262712cba80d1497e395a58","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/commit/37213e91d525c95df262712cba80d1497e395a58"},{"reference_url":"https://github.com/shopware/shopware/releases/tag/v5.7.6","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/releases/tag/v5.7.6"
},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-4p3x-8qw9-24w9","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-4p3x-8qw9-24w9"},{"reference_url":"https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41188","reference_id":"CVE-2021-41188","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41188"},{"reference_url":"https://github.com/advisories/GHSA-4p3x-8qw9-24w9","reference_id":"GHSA-4p3x-8qw9-24w9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4p3x-8qw9-24w9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58383?format=json","purl":"pkg:composer/shopware/shopware@5.7.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-723p-njjg-efbn"},{"vulnerability":"VCID-8n77-xfpc-sucm"},{"vulnerability":"VCID-bgek-xyh7-ffbu"},{"vulnerability":"VCID-cmgu-xukg-cfdz"},{"vulnerability":"VCID-g2t7-j2h8-7khz"},{"vulnerability":"VCID-hxmy-gvzy-ufcg"},{"vulnera
bility":"VCID-j2nj-awm2-kffb"},{"vulnerability":"VCID-mekd-thy7-63cz"},{"vulnerability":"VCID-mg54-375u-vfhr"},{"vulnerability":"VCID-trhv-dwjm-zfav"},{"vulnerability":"VCID-wb2q-jutm-gkgu"},{"vulnerability":"VCID-wxfs-kd2p-nbbv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.6"}],"aliases":["CVE-2021-41188","GHSA-4p3x-8qw9-24w9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-961c-853p-xyfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178064?format=json","vulnerability_id":"VCID-aqye-gbxj-4kbv","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32710","reference_id":"","reference_type":"","scores":[{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50761","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32710"},{"reference_url":"https://github.com/shopware/platform/commit/010c0154bea57c1fca73277c7431d029db7a972e","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/010c0154bea57c1fca73277c7431d029db7a972e"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://packagist.org/packages/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packagist.org/packages/shopware/platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32710","reference_id":"CVE-2021-32710","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov
/vuln/detail/CVE-2021-32710"},{"reference_url":"https://github.com/advisories/GHSA-h9q8-5gv2-v6mg","reference_id":"GHSA-h9q8-5gv2-v6mg","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h9q8-5gv2-v6mg"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-h9q8-5gv2-v6mg","reference_id":"GHSA-h9q8-5gv2-v6mg","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-h9q8-5gv2-v6mg"}],"fixed_packages":[],"aliases":["CVE-2021-32710","GHSA-h9q8-5gv2-v6mg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aqye-gbxj-4kbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17927?format=json","vulnerability_id":"VCID-bgek-xyh7-ffbu","summary":"Improper Check for Unusual or Exceptional Conditions\nShopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7.18 and users are advised to update. 
There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34099","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33827","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34099"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T17:02:39Z/"}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023"},{"reference_url":"https://github.com/shopware5/shopware","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware5/shopware"},{"reference_url":"https://github.com/shopware5/shopware/commit/39cc714d9a0be33b43877044d0b88ea3c6b43f3d","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T17:02:39Z/"}],"url":"https://github.com/shopware5/shopware/commit/39cc714d9a0be33b43877044d0b88ea3c6b43f3d"},{"reference_url":"https://github.com/shopware5/shopware/security/advisories/GHSA-gh66-fp7j-98v5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3
.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware5/shopware/security/advisories/GHSA-gh66-fp7j-98v5"},{"reference_url":"https://www.shopware.com/en/changelog-sw5/#5-7-18","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T17:02:39Z/"}],"url":"https://www.shopware.com/en/changelog-sw5/#5-7-18"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34099","reference_id":"CVE-2023-34099","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34099"},{"reference_url":"https://github.com/advisories/GHSA-gh66-fp7j-98v5","reference_id":"GHSA-gh66-fp7j-98v5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gh66-fp7j-98v5"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-gh66-fp7j-98v5","reference_id":"GHSA-gh66-fp7j-98v5","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T17:02:39Z/"}],"url":"https:
//github.com/shopware/shopware/security/advisories/GHSA-gh66-fp7j-98v5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64607?format=json","purl":"pkg:composer/shopware/shopware@5.7.18","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.18"}],"aliases":["CVE-2023-34099","GHSA-gh66-fp7j-98v5"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bgek-xyh7-ffbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13737?format=json","vulnerability_id":"VCID-c3rs-ndfu-c3bq","summary":"Cross-site Scripting\nShopware has XSS via the Query String to the `backend/Login` or `backend/Login/load/` URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12935","reference_id":"","reference_type":"","scores":[{"value":"0.0358","scoring_system":"epss","scoring_elements":"0.8794","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12935"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Jun/32","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/Jun/32"},{"reference_url":"https://www.netsparker.com/web-applications-advisories/ns-19-004-cross-site-scripting-in-shopware","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.netsparker.com/web-applications-advisories/ns-19-004-cross-site-scripting-in-shopware"},{"reference_url":"https://www.netsparker.com/web-applic
ations-advisories/ns-19-004-cross-site-scripting-in-shopware/","reference_id":"","reference_type":"","scores":[],"url":"https://www.netsparker.com/web-applications-advisories/ns-19-004-cross-site-scripting-in-shopware/"},{"reference_url":"https://www.shopware.com/en/changelog/#5-5-8","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.shopware.com/en/changelog/#5-5-8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12935","reference_id":"CVE-2019-12935","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12935"},{"reference_url":"https://github.com/advisories/GHSA-8qxh-hcr9-2379","reference_id":"GHSA-8qxh-hcr9-2379","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8qxh-hcr9-2379"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57244?format=json","purl":"pkg:composer/shopware/shopware@5.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ser-mx5j-6fgq"},{"vulnerability":"VCID-64sz-7hp3-ykds"},{"vulnerability":"VCID-6cb3-b3qq-juap"},{"vulnerability":"VCID-723p-njjg-efbn"},{"vulnerability":"VCID-8n77-xfpc-sucm"},{"vulnerability":"VCID-961c-853p-xyfv"},{"vulnerability":"VCID-aqye-gbxj-4kbv"},{"vulnerability":"VCID-bgek-xyh7-ffbu"},{"vulnerability":"VCID-cmgu-xukg-cfdz"},{"vulnerability":"VCID-hxmy-gvzy-ufcg"},{"vulnerability":"VCID-j2nj-awm2-kffb"},{"vulnerability":"VCID-jdsx-yw76-9feu"},{"vulnerability":"VCID-mekd-thy7-63cz"},{"vulnerability":"VCID-mg54-375u-vfhr"},{"vulnerability":"VCID-qdc8-d
tad-zfaj"},{"vulnerability":"VCID-s65a-68au-eyeg"},{"vulnerability":"VCID-vzee-b74h-jqez"},{"vulnerability":"VCID-wb2q-jutm-gkgu"},{"vulnerability":"VCID-wxfs-kd2p-nbbv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.5.8"}],"aliases":["CVE-2019-12935","GHSA-8qxh-hcr9-2379"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c3rs-ndfu-c3bq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11248?format=json","vulnerability_id":"VCID-cdn9-dp2r-fyfg","summary":"Code Injection\nRemote Code Execution Vulnerability in shopware.","references":[{"reference_url":"https://community.shopware.com/_detail_1989.html","reference_id":"","reference_type":"","scores":[],"url":"https://community.shopware.com/_detail_1989.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52152?format=json","purl":"pkg:composer/shopware/shopware@5.2.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ser-mx5j-6fgq"},{"vulnerability":"VCID-2xvz-338c-dygp"},{"vulnerability":"VCID-3ntq-mhs1-buex"},{"vulnerability":"VCID-64sz-7hp3-ykds"},{"vulnerability":"VCID-6cb3-b3qq-juap"},{"vulnerability":"VCID-723p-njjg-efbn"},{"vulnerability":"VCID-8n77-xfpc-sucm"},{"vulnerability":"VCID-961c-853p-xyfv"},{"vulnerability":"VCID-aqye-gbxj-4kbv"},{"vulnerability":"VCID-bgek-xyh7-ffbu"},{"vulnerability":"VCID-c3rs-ndfu-c3bq"},{"vulnerability":"VCID-c8p5-grny-sue7"},{"vulnerability":"VCID-cmgu-xukg-cfdz"},{"vulnerability":"VCID-ecce-958d-k3fx"},{"vulnerability":"VCID-gn89-e5je-ybeb"},{"vulnerability":"VCID-hxmy-gvzy-ufcg"},{"vulnerability":"VCID-j2nj-awm2-kffb"},{"vulnerability":"VCID-jdsx-yw76-9feu"},{"vulnerability":"VCID-k6td-39bu-dqa8"},{"vulnerability":"VCID-mekd-thy7-63cz"},{"vulnerability":"VCID-mg54-375u-vfhr"},{"vulnerability":"VCID-mu45-9nhk-f7a5"},{"vulnerability":"VCID-pb56-zbvy-q7b9"},{"vulnerability":"VCID-qdc8
-dtad-zfaj"},{"vulnerability":"VCID-s65a-68au-eyeg"},{"vulnerability":"VCID-vfdj-s7f8-7bf2"},{"vulnerability":"VCID-vzee-b74h-jqez"},{"vulnerability":"VCID-vzv3-795x-gfhd"},{"vulnerability":"VCID-wb2q-jutm-gkgu"},{"vulnerability":"VCID-wh8d-hm8t-vkfm"},{"vulnerability":"VCID-wxfs-kd2p-nbbv"},{"vulnerability":"VCID-ztq4-mw67-d3g4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.2.15"}],"aliases":["GMS-2017-341"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cdn9-dp2r-fyfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15635?format=json","vulnerability_id":"VCID-cmgu-xukg-cfdz","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nShopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. 
Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24873","reference_id":"","reference_type":"","scores":[{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60845","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24873"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:07:52Z/"}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://www.shopware.com/en/changelog-sw5/#5-7-9","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:07:52Z/"}],"url":"https://www.shopware.com/en/changelog-sw5/#5-7-9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24873","reference_id":"CVE-2022-24873","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:
L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24873"},{"reference_url":"https://github.com/advisories/GHSA-4g29-fccr-p59w","reference_id":"GHSA-4g29-fccr-p59w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4g29-fccr-p59w"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-4g29-fccr-p59w","reference_id":"GHSA-4g29-fccr-p59w","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:07:52Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-4g29-fccr-p59w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60549?format=json","purl":"pkg:composer/shopware/shopware@5.7.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bgek-xyh7-ffbu"},{"vulnerability":"VCID-hxmy-gvzy-ufcg"},{"vulnerability":"VCID-mekd-thy7-63cz"},{"vulnerability":"VCID-trhv-dwjm-zfav"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.9"}],"aliases":["CVE-2022-24873","GHSA-4g29-fccr-p59w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cmgu-xukg-cfdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11794?format=json","vulnerability_id":"VCID-ecce-958d-k3fx","summary":"Cross-site Scripting\nShopware is vulnerable to cross site scripting in the customer and order section of the content management system backend 
modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the customer and orders section of the backend.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15374","reference_id":"","reference_type":"","scores":[{"value":"0.03459","scoring_system":"epss","scoring_elements":"0.87732","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15374"},{"reference_url":"https://www.exploit-db.com/exploits/43849","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/43849"},{"reference_url":"https://www.vulnerability-lab.com/get_content.php?id=1922","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vulnerability-lab.com/get_content.php?id=1922"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/json/webapps/43849.txt","reference_id":"CVE-2017-15374","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/json/webapps/43849.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15374","reference_id":"CVE-2017-15374","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15374"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53413?format=json","purl":"pkg
:composer/shopware/shopware@5.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ser-mx5j-6fgq"},{"vulnerability":"VCID-2xvz-338c-dygp"},{"vulnerability":"VCID-64sz-7hp3-ykds"},{"vulnerability":"VCID-6cb3-b3qq-juap"},{"vulnerability":"VCID-723p-njjg-efbn"},{"vulnerability":"VCID-8n77-xfpc-sucm"},{"vulnerability":"VCID-961c-853p-xyfv"},{"vulnerability":"VCID-aqye-gbxj-4kbv"},{"vulnerability":"VCID-bgek-xyh7-ffbu"},{"vulnerability":"VCID-c3rs-ndfu-c3bq"},{"vulnerability":"VCID-cmgu-xukg-cfdz"},{"vulnerability":"VCID-hxmy-gvzy-ufcg"},{"vulnerability":"VCID-j2nj-awm2-kffb"},{"vulnerability":"VCID-jdsx-yw76-9feu"},{"vulnerability":"VCID-mekd-thy7-63cz"},{"vulnerability":"VCID-mg54-375u-vfhr"},{"vulnerability":"VCID-pb56-zbvy-q7b9"},{"vulnerability":"VCID-qdc8-dtad-zfaj"},{"vulnerability":"VCID-s65a-68au-eyeg"},{"vulnerability":"VCID-vzee-b74h-jqez"},{"vulnerability":"VCID-vzv3-795x-gfhd"},{"vulnerability":"VCID-wb2q-jutm-gkgu"},{"vulnerability":"VCID-wxfs-kd2p-nbbv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.3.4"}],"aliases":["CVE-2017-15374","GHSA-mvrx-cmqw-2jgj"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ecce-958d-k3fx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11418?format=json","vulnerability_id":"VCID-gn89-e5je-ybeb","summary":"Remote Code Execution Vulnerability\nUnder certain circumstances, it’s possible to execute unauthorized foreign code in 
Shopware.","references":[{"reference_url":"http://en.community.shopware.com/_detail_2015.html","reference_id":"","reference_type":"","scores":[],"url":"http://en.community.shopware.com/_detail_2015.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52619?format=json","purl":"pkg:composer/shopware/shopware@5.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ser-mx5j-6fgq"},{"vulnerability":"VCID-2xvz-338c-dygp"},{"vulnerability":"VCID-64sz-7hp3-ykds"},{"vulnerability":"VCID-6cb3-b3qq-juap"},{"vulnerability":"VCID-723p-njjg-efbn"},{"vulnerability":"VCID-8n77-xfpc-sucm"},{"vulnerability":"VCID-961c-853p-xyfv"},{"vulnerability":"VCID-aqye-gbxj-4kbv"},{"vulnerability":"VCID-bgek-xyh7-ffbu"},{"vulnerability":"VCID-c3rs-ndfu-c3bq"},{"vulnerability":"VCID-c8p5-grny-sue7"},{"vulnerability":"VCID-cmgu-xukg-cfdz"},{"vulnerability":"VCID-ecce-958d-k3fx"},{"vulnerability":"VCID-hxmy-gvzy-ufcg"},{"vulnerability":"VCID-j2nj-awm2-kffb"},{"vulnerability":"VCID-jdsx-yw76-9feu"},{"vulnerability":"VCID-mekd-thy7-63cz"},{"vulnerability":"VCID-mg54-375u-vfhr"},{"vulnerability":"VCID-mu45-9nhk-f7a5"},{"vulnerability":"VCID-pb56-zbvy-q7b9"},{"vulnerability":"VCID-qdc8-dtad-zfaj"},{"vulnerability":"VCID-s65a-68au-eyeg"},{"vulnerability":"VCID-vzee-b74h-jqez"},{"vulnerability":"VCID-vzv3-795x-gfhd"},{"vulnerability":"VCID-wb2q-jutm-gkgu"},{"vulnerability":"VCID-wxfs-kd2p-nbbv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.2.25"}],"aliases":["GMS-2017-135"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gn89-e5je-ybeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201115?format=json","vulnerability_id":"VCID-hxmy-gvzy-ufcg","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36102","reference_id":"","reference_type":"","scores":[{"value":"0.0
0612","scoring_system":"epss","scoring_elements":"0.70147","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36102"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-09-2022","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:00Z/"}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-09-2022"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/commit/de92d3a78279119a5bbe203054f8fa1d25126af6","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:00Z/"}],"url":"https://github.com/shopware/shopware/commit/de92d3a78279119a5bbe203054f8fa1d25126af6"},{"reference_url":"https://packagist.org/packages/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A
/M:M/D:T/2025-04-23T14:01:00Z/"}],"url":"https://packagist.org/packages/shopware/shopware"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36102","reference_id":"CVE-2022-36102","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36102"},{"reference_url":"https://github.com/advisories/GHSA-qc43-pgwq-3q2q","reference_id":"GHSA-qc43-pgwq-3q2q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qc43-pgwq-3q2q"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-qc43-pgwq-3q2q","reference_id":"GHSA-qc43-pgwq-3q2q","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:00Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-qc43-pgwq-3q2q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79199?format=json","purl":"pkg:composer/shopware/shopware@5.7.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bgek-xyh7-ffbu"},{"vulnerability":"VCID-trhv-dwjm-zfav"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.15"}],"aliases":["CVE-2022-36102","GHSA-qc43-pgwq-3q2q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hxmy-gvzy-ufcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabili
ties/15543?format=json","vulnerability_id":"VCID-j2nj-awm2-kffb","summary":"Incorrect Permission Assignment for Critical Resource\nShopware is an open commerce platform based on Symfony Framework and Vue. Permissions set to sales channel context by admin-api are still usable within normal user session. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24872","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40504","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24872"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/083765e2d64a0031505
0c4891800c9e98ba0c77c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24872","reference_id":"CVE-2022-24872","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24872"},{"reference_url":"https://github.com/advisories/GHSA-9wrv-g75h-8ccc","reference_id":"GHSA-9wrv-g75h-8ccc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9wrv-g75h-8ccc"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-9wrv-g75h-8ccc","reference_id":"GHSA-9wrv-g75h-8ccc","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-9wrv-g75h-8ccc"}],"fixed_packages":[],"aliases":["CVE-2022-24872","GHSA-9wrv-g75h-8ccc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j2nj-awm2-kffb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/154042?format=json","vulnerability_id":"VCID-jdsx-yw76-9feu","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13970","reference_id":"","reference_type":"","scores":[{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.61249","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13970"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020","reference_id":"","reference_type":"","scores":[{"value":"8.8"
,"scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13970","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13970"},{"reference_url":"https://www.shopware.com/en/changelog/#6-2-3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.shopware.com/en/changelog/#6-2-3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/417789?format=json","purl":"pkg:composer/shopware/shopware@6.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@6.2.3"}],"aliases":["CVE-2020-13970","GHSA-5vmg-x99g-396q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jdsx-yw76-9feu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11267?format=json","vulnerability_id":"VCID-k6td-39bu-dqa8","summary":"Code Injection\nRemote Code Execution Vulnerability in 
shopware.","references":[{"reference_url":"https://community.shopware.com/_detail_1989.html","reference_id":"","reference_type":"","scores":[],"url":"https://community.shopware.com/_detail_1989.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52201?format=json","purl":"pkg:composer/shopware/shopware@5.2.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ser-mx5j-6fgq"},{"vulnerability":"VCID-2xvz-338c-dygp"},{"vulnerability":"VCID-3ntq-mhs1-buex"},{"vulnerability":"VCID-64sz-7hp3-ykds"},{"vulnerability":"VCID-6cb3-b3qq-juap"},{"vulnerability":"VCID-723p-njjg-efbn"},{"vulnerability":"VCID-8n77-xfpc-sucm"},{"vulnerability":"VCID-961c-853p-xyfv"},{"vulnerability":"VCID-aqye-gbxj-4kbv"},{"vulnerability":"VCID-bgek-xyh7-ffbu"},{"vulnerability":"VCID-c3rs-ndfu-c3bq"},{"vulnerability":"VCID-c8p5-grny-sue7"},{"vulnerability":"VCID-cmgu-xukg-cfdz"},{"vulnerability":"VCID-ecce-958d-k3fx"},{"vulnerability":"VCID-gn89-e5je-ybeb"},{"vulnerability":"VCID-hxmy-gvzy-ufcg"},{"vulnerability":"VCID-j2nj-awm2-kffb"},{"vulnerability":"VCID-jdsx-yw76-9feu"},{"vulnerability":"VCID-mekd-thy7-63cz"},{"vulnerability":"VCID-mg54-375u-vfhr"},{"vulnerability":"VCID-mu45-9nhk-f7a5"},{"vulnerability":"VCID-pb56-zbvy-q7b9"},{"vulnerability":"VCID-qdc8-dtad-zfaj"},{"vulnerability":"VCID-s65a-68au-eyeg"},{"vulnerability":"VCID-vzee-b74h-jqez"},{"vulnerability":"VCID-vzv3-795x-gfhd"},{"vulnerability":"VCID-wb2q-jutm-gkgu"},{"vulnerability":"VCID-wh8d-hm8t-vkfm"},{"vulnerability":"VCID-wxfs-kd2p-nbbv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.2.16"}],"aliases":["GMS-2017-342"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k6td-39bu-dqa8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201114?format=json","vulnerability_id":"VCID-mekd-thy7-63cz","summary":"","references":[{"reference_url":"
https://api.first.org/data/v1/epss?cve=CVE-2022-36101","reference_id":"","reference_type":"","scores":[{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64652","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36101"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-09-2022","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:02Z/"}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-09-2022"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/commit/af5cdbc81d60f21b728e1433aeb8837f25938d2a","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:02Z/"}],"url":"https://github.com/shopware/shopware/commit/af5cdbc81d60f21b728e1433aeb8837f25938d2a"},{"reference_url":"https://packagist.org/packages/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_tex
tual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:02Z/"}],"url":"https://packagist.org/packages/shopware/shopware"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36101","reference_id":"CVE-2022-36101","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36101"},{"reference_url":"https://github.com/advisories/GHSA-6vfq-jmxg-g58r","reference_id":"GHSA-6vfq-jmxg-g58r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6vfq-jmxg-g58r"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-6vfq-jmxg-g58r","reference_id":"GHSA-6vfq-jmxg-g58r","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:02Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-6vfq-jmxg-g58r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79199?format=json","purl":"pkg:composer/shopware/shopware@5.7.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bgek-xyh7-ffbu"},{"vulnerability":"VCID-trhv-dwjm-zfav"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.15"}],"aliases":["CVE-2022-36101","GHSA-6vfq-jmxg-g58r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://publ
ic2.vulnerablecode.io/vulnerabilities/VCID-mekd-thy7-63cz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15630?format=json","vulnerability_id":"VCID-mg54-375u-vfhr","summary":"Weak Password Recovery Mechanism for Forgotten Password\nShopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim's account if they somehow gain access to the victim's email account and find an unused password reset token in the emails. This issue is fixed in version 5.7.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24892","reference_id":"","reference_type":"","scores":[{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52104","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24892"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:43Z/"}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://www.shopware.com/en/changelog-sw5/#5-7-9","reference_id":"","reference_type":"","scores"
:[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:43Z/"}],"url":"https://www.shopware.com/en/changelog-sw5/#5-7-9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24892","reference_id":"CVE-2022-24892","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24892"},{"reference_url":"https://github.com/advisories/GHSA-3qrq-r688-vvh4","reference_id":"GHSA-3qrq-r688-vvh4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3qrq-r688-vvh4"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-3qrq-r688-vvh4","reference_id":"GHSA-3qrq-r688-vvh4","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:43Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-3qrq-r688-vvh4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60549?format=json","purl":"pkg:composer/shopware/shopware@5.7.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bgek-xyh7-ffbu"},{"vulnerability":"VCID-hxmy-gvzy-ufcg"},{"vulnerability":"VCID-mekd-thy7-63cz"},{"vulnerability":"VCID-trhv-dwjm-zfav"}],"re
source_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.9"}],"aliases":["CVE-2022-24892","GHSA-3qrq-r688-vvh4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mg54-375u-vfhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13237?format=json","vulnerability_id":"VCID-mu45-9nhk-f7a5","summary":"Externally Controlled Reference to a Resource in Another Sphere\nShopware has a PHP Object Instantiation issue via the `sort` parameter to the `loadPreviewAction()` method of the `Shopware_Controllers_Backend_ProductStream` controller, with resultant XXE via instantiation of a `SimpleXMLElement` object.","references":[{"reference_url":"http://packetstormsecurity.com/files/152995/Shopware-createInstanceFromNamedArguments-PHP-Object-Instantiation.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/152995/Shopware-createInstanceFromNamedArguments-PHP-Object-Instantiation.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18357","reference_id":"","reference_type":"","scores":[{"value":"0.57295","scoring_system":"epss","scoring_elements":"0.98184","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18357"},{"reference_url":"https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe"},{"reference_url":"https://demo.rips
tech.com/projects/shopware_5.3.3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://demo.ripstech.com/projects/shopware_5.3.3"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46915.rb","reference_id":"CVE-2017-18357","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46915.rb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18357","reference_id":"CVE-2017-18357","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18357"},{"reference_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/shopware_createinstancefromnamedarguments_rce.rb","reference_id":"CVE-2017-18357","reference_type":"exploit","scores":[],"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/shopware_createinstancefromnamedarguments_rce.rb"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53413?format=json","purl":"pkg:composer/shopware/shopware@5.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ser-mx5j-6fgq"},{"vulnerability":"VCID-2xvz-338c-dygp"},{"vulnerability":"VCID-64sz-7hp3-ykds"},{"vulnerability":"VCID-6cb3-b3qq-juap"},{"vulnerability":"VCID-723p-njjg-efbn"},{"vulnerability":"VCID-8n77-xfpc-sucm"},{"vulnerability":"VCID-961c-853p-xyfv"},{"vulnerability":"VCID-aqye-gbxj-4kbv"},{"vulnerability":"VCID-bgek-xyh7-ffbu"},{"vulnerability":"VCID-c3rs-ndfu-c3bq"},{"vulnerability":"VCID-cmgu-xukg-cfdz"},{
"vulnerability":"VCID-hxmy-gvzy-ufcg"},{"vulnerability":"VCID-j2nj-awm2-kffb"},{"vulnerability":"VCID-jdsx-yw76-9feu"},{"vulnerability":"VCID-mekd-thy7-63cz"},{"vulnerability":"VCID-mg54-375u-vfhr"},{"vulnerability":"VCID-pb56-zbvy-q7b9"},{"vulnerability":"VCID-qdc8-dtad-zfaj"},{"vulnerability":"VCID-s65a-68au-eyeg"},{"vulnerability":"VCID-vzee-b74h-jqez"},{"vulnerability":"VCID-vzv3-795x-gfhd"},{"vulnerability":"VCID-wb2q-jutm-gkgu"},{"vulnerability":"VCID-wxfs-kd2p-nbbv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.3.4"}],"aliases":["CVE-2017-18357","GHSA-6m27-7cqj-2mxw"],"risk_score":0.2,"exploitability":"0.5","weighted_severity":"0.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mu45-9nhk-f7a5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/154043?format=json","vulnerability_id":"VCID-qdc8-dtad-zfaj","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13971","reference_id":"","reference_type":"","scores":[{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.54183","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13971"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-07-2020"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{
"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13971","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13971"},{"reference_url":"https://www.shopware.com/en/changelog/#6-2-3","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.shopware.com/en/changelog/#6-2-3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/417789?format=json","purl":"pkg:composer/shopware/shopware@6.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@6.2.3"}],"aliases":["CVE-2020-13971","GHSA-fxf3-wx3c-76pf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qdc8-dtad-zfaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/348060?format=json","vulnerability_id":"VCID-s65a-68au-eyeg","summary":"### Impact\nPersistent XSS in shopping worlds\n\n### Patches\n\nWe recommend updating to the current version 5.6.9. 
You can get the update to 5.6.9 regularly via the Auto-Updater or directly via the download overview.\n\nFor older versions you can use the Security Plugin:\nhttps://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html\n\n### References\nhttps://docs.shopware.com/en/shopware-5-en/security-updates/security-update-11-2020","references":[{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-28fw-88hq-6jmm","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-28fw-88hq-6jmm"},{"reference_url":"https://github.com/advisories/GHSA-28fw-88hq-6jmm","reference_id":"GHSA-28fw-88hq-6jmm","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-28fw-88hq-6jmm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/202987?format=json","purl":"pkg:composer/shopware/shopware@5.6.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-723p-njjg-efbn"},{"vulnerability":"VCID-8n77-xfpc-sucm"},{"vulnerability":"VCID-961c-853p-xyfv"},{"vulnerability":"VCID-aqye-gbxj-4kbv"},{"vulnerability":"VCID-bgek-xyh7-ffbu"},{"vulnerability":"VCID-c31u-jza2-hke9"},{"vulnerability":"VCID-cmgu-xukg-cfdz"},{"vulnerability":"VCID-hxmy-gvzy-ufcg"},{"vulnerability":"VCID-j2nj-awm2-kffb"},{"vulnerability":"VCID-mekd-thy7-63cz"},{"vulnerability":"VCID-mg54-375u-vfhr"},{"vulnerability":"VCID-trhv-dwjm-zfav"},{"vulnerability":"VCID-wb2q-jutm-gkgu"},{"vulnerability":"VCID-wxfs-kd2p-nbbv"},{"vulnerability":"VCID-zhc5-hvqg-gbf4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.6.9"}],"aliases":["GHSA-28fw-88hq-6jmm","GMS-2020-599"],"risk_score":null,"exploitability":null,"weighted_severity":null,"res
ource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s65a-68au-eyeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/348054?format=json","vulnerability_id":"VCID-vzee-b74h-jqez","summary":"Persistent XSS in customer module in Shopware\n### Impact\nPersistent XSS in customer  module\n\n### Patches\n\nWe recommend updating to the current version 5.6.9. You can get the update to 5.6.9 regularly via the Auto-Updater or directly via the download overview.\n\nFor older versions you can use the Security Plugin:\nhttps://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html\n\n### References\nhttps://docs.shopware.com/en/shopware-5-en/security-updates/security-update-11-2020","references":[{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-11-2020","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-11-2020"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-6gv9-7q4g-pmvm","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-6gv9-7q4g-pmvm"},{"reference_url":"https://github.com/advisories/GHSA-6gv9-7q4g-pmvm","reference_id":"GHSA-6gv9-7q4g-pmvm","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6gv9-7q4g-pmvm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/202987?format=json","purl":"pkg:composer/shopware/shopware@5.6.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-723p-njjg-efbn"},{"vulnerability":"VCID-8n77-xfpc-sucm"},{"vulnerability":"VCID-961c-853p-xyfv"}
,{"vulnerability":"VCID-aqye-gbxj-4kbv"},{"vulnerability":"VCID-bgek-xyh7-ffbu"},{"vulnerability":"VCID-c31u-jza2-hke9"},{"vulnerability":"VCID-cmgu-xukg-cfdz"},{"vulnerability":"VCID-hxmy-gvzy-ufcg"},{"vulnerability":"VCID-j2nj-awm2-kffb"},{"vulnerability":"VCID-mekd-thy7-63cz"},{"vulnerability":"VCID-mg54-375u-vfhr"},{"vulnerability":"VCID-trhv-dwjm-zfav"},{"vulnerability":"VCID-wb2q-jutm-gkgu"},{"vulnerability":"VCID-wxfs-kd2p-nbbv"},{"vulnerability":"VCID-zhc5-hvqg-gbf4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.6.9"}],"aliases":["GHSA-6gv9-7q4g-pmvm","GMS-2020-600"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vzee-b74h-jqez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13238?format=json","vulnerability_id":"VCID-vzv3-795x-gfhd","summary":"Shopware allows SQL Injection by remote authenticated users.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20713","reference_id":"","reference_type":"","scores":[{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70371","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20713"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-05-2018","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-05-2018"},{"reference_url":"https://github.com/shopware5/shopware/commit/73cb46727050e28a0d7c2cf8471baaa3eaf2e5e8","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring
_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware5/shopware/commit/73cb46727050e28a0d7c2cf8471baaa3eaf2e5e8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20713","reference_id":"CVE-2018-20713","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20713"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56326?format=json","purl":"pkg:composer/shopware/shopware@5.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ser-mx5j-6fgq"},{"vulnerability":"VCID-64sz-7hp3-ykds"},{"vulnerability":"VCID-6cb3-b3qq-juap"},{"vulnerability":"VCID-723p-njjg-efbn"},{"vulnerability":"VCID-8n77-xfpc-sucm"},{"vulnerability":"VCID-961c-853p-xyfv"},{"vulnerability":"VCID-aqye-gbxj-4kbv"},{"vulnerability":"VCID-bgek-xyh7-ffbu"},{"vulnerability":"VCID-c3rs-ndfu-c3bq"},{"vulnerability":"VCID-cmgu-xukg-cfdz"},{"vulnerability":"VCID-hxmy-gvzy-ufcg"},{"vulnerability":"VCID-j2nj-awm2-kffb"},{"vulnerability":"VCID-jdsx-yw76-9feu"},{"vulnerability":"VCID-mekd-thy7-63cz"},{"vulnerability":"VCID-mg54-375u-vfhr"},{"vulnerability":"VCID-qdc8-dtad-zfaj"},{"vulnerability":"VCID-s65a-68au-eyeg"},{"vulnerability":"VCID-vzee-b74h-jqez"},{"vulnerability":"VCID-wb2q-jutm-gkgu"},{"vulnerability":"VCID-wxfs-kd2p-nbbv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.4.3"}],"aliases":["CVE-2018-20713","GHSA-42gv-77f4-r3j9"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vzv3-795x-gfhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15211?format=json","vulnerability_id":"VCID-wb2q-jutm-gkgu","summary":"Insufficient Session Expiration\nShopware is an open 
commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24744","reference_id":"","reference_type":"","scores":[{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36548","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24744"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2022?category=security-updates","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2022?category=security-updates"},{"reference_url":"https://github.com/shopware/core/commit/324cd1b57db58481df1b1d0030ffc307e2d9fe64","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/core/commit/324cd1b57db58481df1b1d0030ffc307e2d9fe64"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/commit/47b4b094c13f62db860be2f431138bb45c0bd0b6","refe
rence_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/47b4b094c13f62db860be2f431138bb45c0bd0b6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24744","reference_id":"CVE-2022-24744","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24744"},{"reference_url":"https://github.com/advisories/GHSA-w267-m9c4-8555","reference_id":"GHSA-w267-m9c4-8555","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w267-m9c4-8555"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-w267-m9c4-8555","reference_id":"GHSA-w267-m9c4-8555","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:14Z/"}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-w267-m9c4-8555"}],"fixed_packages":[],"aliases":["CVE-2022-24744","GHSA-w267-m9c4-8555"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wb2q-jutm-gkgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11430?format=json","vulnerability_id":"VCID-wh8d-hm8t-vkfm","summary":"Code Injection\nRemote Code Execution Vulnerability in 
shopware.","references":[{"reference_url":"https://community.shopware.com/_detail_2015.html","reference_id":"","reference_type":"","scores":[],"url":"https://community.shopware.com/_detail_2015.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52619?format=json","purl":"pkg:composer/shopware/shopware@5.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ser-mx5j-6fgq"},{"vulnerability":"VCID-2xvz-338c-dygp"},{"vulnerability":"VCID-64sz-7hp3-ykds"},{"vulnerability":"VCID-6cb3-b3qq-juap"},{"vulnerability":"VCID-723p-njjg-efbn"},{"vulnerability":"VCID-8n77-xfpc-sucm"},{"vulnerability":"VCID-961c-853p-xyfv"},{"vulnerability":"VCID-aqye-gbxj-4kbv"},{"vulnerability":"VCID-bgek-xyh7-ffbu"},{"vulnerability":"VCID-c3rs-ndfu-c3bq"},{"vulnerability":"VCID-c8p5-grny-sue7"},{"vulnerability":"VCID-cmgu-xukg-cfdz"},{"vulnerability":"VCID-ecce-958d-k3fx"},{"vulnerability":"VCID-hxmy-gvzy-ufcg"},{"vulnerability":"VCID-j2nj-awm2-kffb"},{"vulnerability":"VCID-jdsx-yw76-9feu"},{"vulnerability":"VCID-mekd-thy7-63cz"},{"vulnerability":"VCID-mg54-375u-vfhr"},{"vulnerability":"VCID-mu45-9nhk-f7a5"},{"vulnerability":"VCID-pb56-zbvy-q7b9"},{"vulnerability":"VCID-qdc8-dtad-zfaj"},{"vulnerability":"VCID-s65a-68au-eyeg"},{"vulnerability":"VCID-vzee-b74h-jqez"},{"vulnerability":"VCID-vzv3-795x-gfhd"},{"vulnerability":"VCID-wb2q-jutm-gkgu"},{"vulnerability":"VCID-wxfs-kd2p-nbbv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.2.25"}],"aliases":["GMS-2017-343"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wh8d-hm8t-vkfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15544?format=json","vulnerability_id":"VCID-wxfs-kd2p-nbbv","summary":"Server-Side Request Forgery (SSRF) in Shopware\nShopware is an open commerce platform based on Symfony Framework and Vue. 
In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24871","reference_id":"","reference_type":"","scores":[{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57573","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24871"},{"reference_url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022"},{"reference_url":"https://github.com/shopware/platform","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform"},{"reference_url":"https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24871","reference_id":"CVE-2022-24871","reference_type":"","scores":[{"value":"7.2","scoring_syst
em":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24871"},{"reference_url":"https://github.com/advisories/GHSA-7gm7-8q8v-9gf2","reference_id":"GHSA-7gm7-8q8v-9gf2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7gm7-8q8v-9gf2"},{"reference_url":"https://github.com/shopware/platform/security/advisories/GHSA-7gm7-8q8v-9gf2","reference_id":"GHSA-7gm7-8q8v-9gf2","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/platform/security/advisories/GHSA-7gm7-8q8v-9gf2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60403?format=json","purl":"pkg:composer/shopware/shopware@6.4.10%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@6.4.10%252B1"}],"aliases":["CVE-2022-24871","GHSA-7gm7-8q8v-9gf2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wxfs-kd2p-nbbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11264?format=json","vulnerability_id":"VCID-ztq4-mw67-d3g4","summary":"Remote Code Execution Vulnerability\nUnder certain circumstances, it’s possible to execute an unauthorized foreign code in 
Shopware.","references":[{"reference_url":"http://en.community.shopware.com/_detail_1989.html","reference_id":"","reference_type":"","scores":[],"url":"http://en.community.shopware.com/_detail_1989.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52201?format=json","purl":"pkg:composer/shopware/shopware@5.2.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ser-mx5j-6fgq"},{"vulnerability":"VCID-2xvz-338c-dygp"},{"vulnerability":"VCID-3ntq-mhs1-buex"},{"vulnerability":"VCID-64sz-7hp3-ykds"},{"vulnerability":"VCID-6cb3-b3qq-juap"},{"vulnerability":"VCID-723p-njjg-efbn"},{"vulnerability":"VCID-8n77-xfpc-sucm"},{"vulnerability":"VCID-961c-853p-xyfv"},{"vulnerability":"VCID-aqye-gbxj-4kbv"},{"vulnerability":"VCID-bgek-xyh7-ffbu"},{"vulnerability":"VCID-c3rs-ndfu-c3bq"},{"vulnerability":"VCID-c8p5-grny-sue7"},{"vulnerability":"VCID-cmgu-xukg-cfdz"},{"vulnerability":"VCID-ecce-958d-k3fx"},{"vulnerability":"VCID-gn89-e5je-ybeb"},{"vulnerability":"VCID-hxmy-gvzy-ufcg"},{"vulnerability":"VCID-j2nj-awm2-kffb"},{"vulnerability":"VCID-jdsx-yw76-9feu"},{"vulnerability":"VCID-mekd-thy7-63cz"},{"vulnerability":"VCID-mg54-375u-vfhr"},{"vulnerability":"VCID-mu45-9nhk-f7a5"},{"vulnerability":"VCID-pb56-zbvy-q7b9"},{"vulnerability":"VCID-qdc8-dtad-zfaj"},{"vulnerability":"VCID-s65a-68au-eyeg"},{"vulnerability":"VCID-vzee-b74h-jqez"},{"vulnerability":"VCID-vzv3-795x-gfhd"},{"vulnerability":"VCID-wb2q-jutm-gkgu"},{"vulnerability":"VCID-wh8d-hm8t-vkfm"},{"vulnerability":"VCID-wxfs-kd2p-nbbv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.2.16"}],"aliases":["GMS-2017-106"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ztq4-mw67-d3g4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/340824?format=json","vulnerability_id":"VCID-zvvd-66ys-1yf6","summary":"Shopware Remote Code 
Execution Vulnerability","references":[{"reference_url":"https://community.shopware.com/_detail_1989.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://community.shopware.com/_detail_1989.html"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-01-2017?category=shopware-5-en/security-updates","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-01-2017?category=shopware-5-en/security-updates"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/shopware/shopware/2017-01-24.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/shopware/shopware/2017-01-24.yaml"},{"reference_url":"https://github.com/shopware5/shopware","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware5/shopware"},{"reference_url":"https://github.com/shopware5/shopware/commit/14299e9ee9f7d93f687b4ec838e0873afbc84fec","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL",
"scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware5/shopware/commit/14299e9ee9f7d93f687b4ec838e0873afbc84fec"},{"reference_url":"https://github.com/advisories/GHSA-q3g4-2vw9-xv27","reference_id":"GHSA-q3g4-2vw9-xv27","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q3g4-2vw9-xv27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52152?format=json","purl":"pkg:composer/shopware/shopware@5.2.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ser-mx5j-6fgq"},{"vulnerability":"VCID-2xvz-338c-dygp"},{"vulnerability":"VCID-3ntq-mhs1-buex"},{"vulnerability":"VCID-64sz-7hp3-ykds"},{"vulnerability":"VCID-6cb3-b3qq-juap"},{"vulnerability":"VCID-723p-njjg-efbn"},{"vulnerability":"VCID-8n77-xfpc-sucm"},{"vulnerability":"VCID-961c-853p-xyfv"},{"vulnerability":"VCID-aqye-gbxj-4kbv"},{"vulnerability":"VCID-bgek-xyh7-ffbu"},{"vulnerability":"VCID-c3rs-ndfu-c3bq"},{"vulnerability":"VCID-c8p5-grny-sue7"},{"vulnerability":"VCID-cmgu-xukg-cfdz"},{"vulnerability":"VCID-ecce-958d-k3fx"},{"vulnerability":"VCID-gn89-e5je-ybeb"},{"vulnerability":"VCID-hxmy-gvzy-ufcg"},{"vulnerability":"VCID-j2nj-awm2-kffb"},{"vulnerability":"VCID-jdsx-yw76-9feu"},{"vulnerability":"VCID-k6td-39bu-dqa8"},{"vulnerability":"VCID-mekd-thy7-63cz"},{"vulnerability":"VCID-mg54-375u-vfhr"},{"vulnerability":"VCID-mu45-9nhk-f7a5"},{"vulnerability":"VCID-pb56-zbvy-q7b9"},{"vulnerability":"VCID-qdc8-dtad-zfaj"},{"vulnerability":"VCID-s65a-68au-eyeg"},{"vulnerability":"VCID-vfdj-s7f8-7bf2"},{"vulnerability":"VCID-vzee-b74h-jqez"},{"vulnerability":"VCID-vzv3-795x-gfhd"},{"vulnerability":"VCID-wb2q-jutm-gkgu"},{"vulnerability":"VCID-wh8d-hm8t-vkfm"},{"vulnerability":"VCID-wxfs-kd2p-nbbv"},{"vulnerability":"VCID-ztq4-mw67-d3g4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.2.15"}],"alia
ses":["GHSA-q3g4-2vw9-xv27"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zvvd-66ys-1yf6"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.2.0-RC3"}