GHSA-mj9r-fpv3-rgfx
Suggest an improvement- Source
- https://github.com/advisories/GHSA-mj9r-fpv3-rgfx
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-mj9r-fpv3-rgfx/GHSA-mj9r-fpv3-rgfx.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-mj9r-fpv3-rgfx
- Aliases
-
- CVE-2022-48150
- Published
- 2023-04-21T15:30:18Z
- Modified
- 2024-02-16T08:12:31.496479Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Shopware vulnerable to cross-site scripting (XSS)
- Details
-
Shopware v5.5.10 was discovered to contain a cross-site scripting (XSS) vulnerability.
- Database specific
{ "nvd_published_at": "2023-04-21T14:15:07Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-04-21T19:55:03Z" }- References
Affected packages
Packagist / shopware/shopware
Package
- Name
- shopware/shopware
- Purl
- pkg:composer/shopware/shopware
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected5.5.10
Affected versions
1.*
1.0.2
1.0.8
4.*
4.2.0-rc.1
4.2.0
4.2.1
4.2.1.1
4.2.2
4.2.3
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
v5.*
v5.0.0-BETA1
v5.0.0-BETA2
v5.0.0-RC1
v5.0.0-RC2
v5.0.0-RC3
v5.0.0
v5.0.1
v5.0.2-RC1
v5.0.2
v5.0.3-RC1
v5.0.3
v5.0.4-RC1
v5.0.4
v5.1.0-RC2
v5.1.0-RC3
v5.1.0
v5.1.1
v5.1.2-RC1
v5.1.2-RC2
v5.1.2
v5.1.3-RC1
v5.1.3
v5.1.4
v5.1.5
v5.1.6
v5.2.0-BETA1
v5.2.0-RC1
v5.2.0-RC2
v5.2.0-RC3
v5.2.0
v5.2.1
v5.2.2
v5.2.3
v5.2.4
v5.2.5
v5.2.6
v5.2.7
v5.2.8
v5.2.9
v5.2.10
v5.2.11
v5.2.12
v5.2.13
v5.2.14
v5.2.15
v5.2.16
v5.2.17
v5.2.18
v5.2.19
v5.2.20
v5.2.21
v5.2.22
v5.2.23
v5.2.24
v5.2.25
v5.2.26
v5.2.27
v5.3.4
v5.3.5
v5.3.6
v5.3.7
v5.4.0-RC1
v5.4.0
v5.4.1
v5.4.2
v5.4.3
v5.4.4
v5.4.5
v5.4.6
v5.5.0-BETA1
v5.5.0-RC1
v5.5.0
v5.5.1
v5.5.2
v5.5.3
v5.5.4
v5.5.5
v5.5.6
v5.5.7
v5.5.8
v5.5.9
v5.5.10
5.*
5.3.0