GHSA-5834-xv5q-cgfw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5834-xv5q-cgfw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-5834-xv5q-cgfw/GHSA-5834-xv5q-cgfw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-5834-xv5q-cgfw
- Aliases
-
- CVE-2022-31148
- Published
- 2022-07-27T22:06:09Z
- Modified
- 2023-11-08T04:09:27.666191Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Shopware vulnerable to persistent cross site scripting (XSS) in customer module
- Details
-
Impact
Persistent XSS in customer module
Patches
We recommend updating to the current version 5.7.14. You can get the update to 5.7.14 regularly via the Auto-Updater or directly via the download overview.
For older versions you can use the Security Plugin: https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html
References
https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-07-2022
- Database specific
{ "github_reviewed": true, "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed_at": "2022-07-27T22:06:09Z", "nvd_published_at": "2022-08-01T17:15:00Z" }- References
-
- https://github.com/shopware/shopware/security/advisories/GHSA-5834-xv5q-cgfw
- https://nvd.nist.gov/vuln/detail/CVE-2022-31148
- https://github.com/shopware/shopware/commit/7875855005648fba7b39371a70816afae2e07daf
- https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-07-2022
- https://github.com/shopware/shopware
- https://www.shopware.com/en/changelog-sw5/#5-7-14
Affected packages
Packagist / shopware/shopware
Package
- Name
- shopware/shopware
- Purl
- pkg:composer/shopware/shopware