shopware Platform Vulnerabilities
Shopware Platform vulnerabilities.
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Improper Input Validation of Clearance sale in cart
CVE-2023-22730ShopwarePlatform5.3MEDIUMImproper Control of Generation of Code in Twig rendered views in shopware
CVE-2023-22731ShopwarePlatform10CRITICALInsufficient Session Expiration in Administration in shopware
CVE-2023-22732ShopwarePlatform3.7LOWImproper Output Neutralization in Log Module in shopware
CVE-2023-22733ShopwarePlatform2.7LOWImproper Input Newsletter subscription option validation in shopware
CVE-2023-22734ShopwarePlatform4.3MEDIUMImproper Access Control in shopware
CVE-2022-24872ShopwarePlatform8.1HIGHServer-Side Request Forgery (SSRF) in Shopware
CVE-2022-24871ShopwarePlatform7.2HIGHInsufficient Session Expiration in shopware
CVE-2022-24744ShopwarePlatform2.6LOWGuest session is shared between customers in shopware
CVE-2022-24745ShopwarePlatform4.8MEDIUMHTML injection possibility in voucher code form
CVE-2022-24746ShopwarePlatform6.1MEDIUMHTTP caching is marking private HTTP headers as public
CVE-2022-24747ShopwarePlatform6.3MEDIUMIncorrect Authentication in shopware
CVE-2022-24748ShopwarePlatform6.8MEDIUMCross-Site Scripting via SVG media files
CVE-2021-37710ShopwarePlatform8HIGHAuthenticated server-side request forgery in file upload via URL.
CVE-2021-37711ShopwarePlatform8.8HIGHInsecure direct object reference of log files of the Import/Export feature
CVE-2021-37709ShopwarePlatform6.5MEDIUMCommand injection in mail agent settings
CVE-2021-37708ShopwarePlatform8.8HIGHManipulation of product reviews via API
CVE-2021-37707ShopwarePlatform6.5MEDIUMPrivate files publicly accessible with Cloud Storage providers
CVE-2021-32717ShopwarePlatform7.5HIGHInternal hidden fields are visible on to many associations in admin api
CVE-2021-32716ShopwarePlatform4.4MEDIUMLeak of information via Store-API
CVE-2021-32711ShopwarePlatform9.1CRITICALPotential Session Hijacking in Shopware
CVE-2021-32710ShopwarePlatform5.9MEDIUMCreation of order credits was not validated by acl in admin orders
CVE-2021-32709ShopwarePlatform4.9MEDIUM