GHSA-jqr7-5h7r-ch8p
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jqr7-5h7r-ch8p
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-jqr7-5h7r-ch8p/GHSA-jqr7-5h7r-ch8p.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-jqr7-5h7r-ch8p
- Published
- 2024-05-21T20:42:46Z
- Modified
- 2024-12-06T05:30:39.869511Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Shopware Non-Persistent XSS in the Frontend
- Details
-
A non-persistent Cross-Site Scripting (XSS) vulnerability has been identified in the Shopware eCommerce platform within the frontend. This vulnerability may allow an attacker to inject and execute malicious scripts in the context of a victim's web browser.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-05-21T20:42:46Z" }- References
-
- https://github.com/shopware5/shopware/commit/54461aa651566dc2701b873fe6bd94589604751b
- https://community.shopware.com/_detail_2048.html
- https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-01-2018?category=shopware-5-en/security-updates
- https://github.com/FriendsOfPHP/security-advisories/blob/master/shopware/shopware/2018-01-22.yaml
- https://github.com/shopware5/shopware
Affected packages
Packagist / shopware/shopware
Package
- Name
- shopware/shopware
- Purl
- pkg:composer/shopware/shopware