Vulnerabilities > Shopware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-24 | CVE-2021-32716 | Incorrect Authorization vulnerability in Shopware Shopware is an open source eCommerce platform. | 4.9 |
| 2021-06-24 | CVE-2021-32717 | Incorrect Permission Assignment for Critical Resource vulnerability in Shopware Shopware is an open source eCommerce platform. | 7.5 |
| 2021-06-24 | CVE-2021-32710 | Session Fixation vulnerability in Shopware Shopware is an open source eCommerce platform. | 5.0 |
| 2021-06-24 | CVE-2021-32711 | Information Exposure vulnerability in Shopware Shopware is an open source eCommerce platform. | 5.0 |
| 2021-06-24 | CVE-2021-32709 | Missing Authentication for Critical Function vulnerability in Shopware Shopware is an open source eCommerce platform. | 4.0 |
| 2020-07-28 | CVE-2020-13997 | Insufficiently Protected Credentials vulnerability in Shopware In Shopware before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled. | 5.0 |
| 2020-07-28 | CVE-2020-13971 | Cross-site Scripting vulnerability in Shopware In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. | 3.5 |
| 2020-07-28 | CVE-2020-13970 | Server-Side Request Forgery (SSRF) vulnerability in Shopware Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery (SSRF) in its "Mediabrowser upload by URL" feature. | 6.5 |
| 2019-06-23 | CVE-2019-12935 | Cross-site Scripting vulnerability in Shopware Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI. | 4.3 |
| 2019-06-13 | CVE-2019-12799 | Deserialization of Untrusted Data vulnerability in Shopware In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. | 8.8 |