{"url":"http://public2.vulnerablecode.io/api/packages/24908?format=json","purl":"pkg:composer/shopware/shopware@5.7.12","type":"composer","namespace":"shopware","name":"shopware","version":"5.7.12","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.7.18","latest_non_vulnerable_version":"6.7.2+1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/166991?format=json","vulnerability_id":"VCID-d3za-bchr-uycm","summary":"Shopware is an open source e-commerce software. In affected versions if backend admin controllers are called with a certain notation, the ACL could be bypassed. Users could execute actions, which they are normally not able to do. Users are advised to update to the current version (5.7.15). Users can get the update via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36102","reference_id":"","reference_type":"","scores":[{"value":"0.00612","scoring_system":"epss","scoring_elements":"0.703","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36102"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36102","reference_id":"CVE-2022-36102","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36102"},{"reference_url":"https://github.com/shopware/shopware/commit/de92d3a78279119a5bbe203054f8fa1d25126af6","reference_id":"de92d3a78279119a5bbe203054f8fa1d25126af6","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:00Z/"}],"url":"https://github.com/shopware/shopware/commit/de92d3a78279119a5bbe203054f8fa1d25126af6"},{"reference_url":"https://github.com/advisories/GHSA-qc43-pgwq-3q2q","reference_id":"GHSA-qc43-pgwq-3q2q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qc43-pgwq-3q2q"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-qc43-pgwq-3q2q","reference_id":"GHSA-qc43-pgwq-3q2q","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:00Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-qc43-pgwq-3q2q"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-09-2022","reference_id":"security-update-09-2022","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:00Z/"}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-09-2022"},{"reference_url":"https://packagist.org/packages/shopware/shopware","reference_id":"shopware","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:00Z/"}],"url":"https://packagist.org/packages/shopware/shopware"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26521?format=json","purl":"pkg:composer/shopware/shopware@5.7.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h296-uh2x-6kfn"},{"vulnerability":"VCID-s33d-ab46-y7an"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.15"}],"aliases":["CVE-2022-36102","GHSA-qc43-pgwq-3q2q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d3za-bchr-uycm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/142047?format=json","vulnerability_id":"VCID-h296-uh2x-6kfn","summary":"Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7.18 and users are advised to update. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34099","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33911","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34099"},{"reference_url":"https://github.com/shopware5/shopware","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware5/shopware"},{"reference_url":"https://github.com/shopware5/shopware/security/advisories/GHSA-gh66-fp7j-98v5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware5/shopware/security/advisories/GHSA-gh66-fp7j-98v5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34099","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34099"},{"reference_url":"https://github.com/shopware5/shopware/commit/39cc714d9a0be33b43877044d0b88ea3c6b43f3d","reference_id":"39cc714d9a0be33b43877044d0b88ea3c6b43f3d","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T17:02:39Z/"}],"url":"https://github.com/shopware5/shopware/commit/39cc714d9a0be33b43877044d0b88ea3c6b43f3d"},{"reference_url":"https://www.shopware.com/en/changelog-sw5/#5-7-18","reference_id":"#5-7-18","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T17:02:39Z/"}],"url":"https://www.shopware.com/en/changelog-sw5/#5-7-18"},{"reference_url":"https://github.com/advisories/GHSA-gh66-fp7j-98v5","reference_id":"GHSA-gh66-fp7j-98v5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gh66-fp7j-98v5"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-gh66-fp7j-98v5","reference_id":"GHSA-gh66-fp7j-98v5","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T17:02:39Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-gh66-fp7j-98v5"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023","reference_id":"security-update-06-2023","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T17:02:39Z/"}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381787?format=json","purl":"pkg:composer/shopware/shopware@5.7.18","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.18"}],"aliases":["CVE-2023-34099","GHSA-gh66-fp7j-98v5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h296-uh2x-6kfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/142227?format=json","vulnerability_id":"VCID-s33d-ab46-y7an","summary":"Shopware is an open source e-commerce software. Due to an incorrect configuration in the `.htaccess` file, the configuration file of the Javascript could be read in production environments (`themes/package-lock.json`). With this information, the specific Shopware version in a deployment might be determined by an attacker, which could be used for further attacks. Users are advised to update to version 5.7.18. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34098","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5112","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34098"},{"reference_url":"https://github.com/shopware5/shopware","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware5/shopware"},{"reference_url":"https://github.com/shopware5/shopware/security/advisories/GHSA-q97c-2mh3-pgw9","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware5/shopware/security/advisories/GHSA-q97c-2mh3-pgw9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34098","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34098"},{"reference_url":"https://www.shopware.com/en/changelog-sw5/#5-7-18","reference_id":"#5-7-18","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T17:04:30Z/"}],"url":"https://www.shopware.com/en/changelog-sw5/#5-7-18"},{"reference_url":"https://github.com/shopware5/shopware/commit/b3518c8d9562a38615d638f31f79829f6e2f4b6a","reference_id":"b3518c8d9562a38615d638f31f79829f6e2f4b6a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T17:04:30Z/"}],"url":"https://github.com/shopware5/shopware/commit/b3518c8d9562a38615d638f31f79829f6e2f4b6a"},{"reference_url":"https://github.com/advisories/GHSA-q97c-2mh3-pgw9","reference_id":"GHSA-q97c-2mh3-pgw9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q97c-2mh3-pgw9"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-q97c-2mh3-pgw9","reference_id":"GHSA-q97c-2mh3-pgw9","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T17:04:30Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-q97c-2mh3-pgw9"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023","reference_id":"security-update-06-2023","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T17:04:30Z/"}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381787?format=json","purl":"pkg:composer/shopware/shopware@5.7.18","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.18"}],"aliases":["CVE-2023-34098","GHSA-q97c-2mh3-pgw9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s33d-ab46-y7an"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167052?format=json","vulnerability_id":"VCID-u5yn-sd89-qfhy","summary":"Shopware is an open source e-commerce software. In affected versions the request for the customer detail view in the backend administration contained sensitive data like the hashed password and the session ID. These fields are now explicitly unset in version 5.7.15. Users are advised to update and may get the update either via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36101","reference_id":"","reference_type":"","scores":[{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64788","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36101"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://github.com/shopware/shopware/commit/af5cdbc81d60f21b728e1433aeb8837f25938d2a","reference_id":"af5cdbc81d60f21b728e1433aeb8837f25938d2a","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:02Z/"}],"url":"https://github.com/shopware/shopware/commit/af5cdbc81d60f21b728e1433aeb8837f25938d2a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36101","reference_id":"CVE-2022-36101","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36101"},{"reference_url":"https://github.com/advisories/GHSA-6vfq-jmxg-g58r","reference_id":"GHSA-6vfq-jmxg-g58r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6vfq-jmxg-g58r"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-6vfq-jmxg-g58r","reference_id":"GHSA-6vfq-jmxg-g58r","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:02Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-6vfq-jmxg-g58r"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-09-2022","reference_id":"security-update-09-2022","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:02Z/"}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-09-2022"},{"reference_url":"https://packagist.org/packages/shopware/shopware","reference_id":"shopware","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:02Z/"}],"url":"https://packagist.org/packages/shopware/shopware"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26521?format=json","purl":"pkg:composer/shopware/shopware@5.7.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h296-uh2x-6kfn"},{"vulnerability":"VCID-s33d-ab46-y7an"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.15"}],"aliases":["CVE-2022-36101","GHSA-6vfq-jmxg-g58r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u5yn-sd89-qfhy"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167461?format=json","vulnerability_id":"VCID-7yxt-j9gh-1udq","summary":"Shopware is an open source e-commerce software made in Germany. Versions of Shopware 5 prior to version 5.7.12 are subject to an authenticated Stored XSS in Administration. Users are advised to upgrade. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31057","reference_id":"","reference_type":"","scores":[{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61688","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31057"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2022?_ga=2.237805696.1286760707.1655914110-2145019146.1655914110","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2022?_ga=2.237805696.1286760707.1655914110-2145019146.1655914110"},{"reference_url":"https://github.com/shopware/shopware","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/shopware/shopware"},{"reference_url":"https://www.shopware.com/en/changelog-sw5/#5-7-12","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.shopware.com/en/changelog-sw5/#5-7-12"},{"reference_url":"https://github.com/shopware/shopware/commit/3e025a0a3e123f4108082645b1ced6fb548f7b6f","reference_id":"3e025a0a3e123f4108082645b1ced6fb548f7b6f","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:38Z/"}],"url":"https://github.com/shopware/shopware/commit/3e025a0a3e123f4108082645b1ced6fb548f7b6f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31057","reference_id":"CVE-2022-31057","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31057"},{"reference_url":"https://github.com/advisories/GHSA-q754-vwc4-p6qj","reference_id":"GHSA-q754-vwc4-p6qj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q754-vwc4-p6qj"},{"reference_url":"https://github.com/shopware/shopware/security/advisories/GHSA-q754-vwc4-p6qj","reference_id":"GHSA-q754-vwc4-p6qj","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:38Z/"}],"url":"https://github.com/shopware/shopware/security/advisories/GHSA-q754-vwc4-p6qj"},{"reference_url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2022","reference_id":"security-update-06-2022","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:38Z/"}],"url":"https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2022"},{"reference_url":"https://packagist.org/packages/shopware/shopware","reference_id":"shopware","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:38Z/"}],"url":"https://packagist.org/packages/shopware/shopware"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24908?format=json","purl":"pkg:composer/shopware/shopware@5.7.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d3za-bchr-uycm"},{"vulnerability":"VCID-h296-uh2x-6kfn"},{"vulnerability":"VCID-s33d-ab46-y7an"},{"vulnerability":"VCID-u5yn-sd89-qfhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.12"}],"aliases":["CVE-2022-31057","GHSA-q754-vwc4-p6qj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7yxt-j9gh-1udq"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/shopware/shopware@5.7.12"}