GHSA-5834-xv5q-cgfw

Suggest an improvement
Source
https://github.com/advisories/GHSA-5834-xv5q-cgfw
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-5834-xv5q-cgfw/GHSA-5834-xv5q-cgfw.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-5834-xv5q-cgfw
Aliases
  • CVE-2022-31148
Published
2022-07-27T22:06:09Z
Modified
2023-11-08T04:09:27.666191Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Shopware vulnerable to persistent cross site scripting (XSS) in customer module
Details

Impact

Persistent XSS in customer module

Patches

We recommend updating to the current version 5.7.14. You can get the update to 5.7.14 regularly via the Auto-Updater or directly via the download overview.

For older versions you can use the Security Plugin: https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html

References

https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-07-2022

Database specific
{
    "nvd_published_at": "2022-08-01T17:15:00Z",
    "github_reviewed_at": "2022-07-27T22:06:09Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Packagist / shopware/shopware

Package

Name
shopware/shopware
Purl
pkg:composer/shopware/shopware

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.7.0
Fixed
5.7.14

Affected versions

v5.*

v5.7.0
v5.7.1
v5.7.2
v5.7.3
v5.7.4
v5.7.5
v5.7.6
v5.7.7
v5.7.8
v5.7.9
v5.7.10
v5.7.11
v5.7.12
v5.7.13

Database specific

{
    "last_known_affected_version_range": "<= 5.7.13"
}