Vulnerabilities > Shopware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-24 | CVE-2021-32713 | Unspecified vulnerability in Shopware Shopware is an open source eCommerce platform. | 4.8 |
| 2021-06-24 | CVE-2021-32716 | Incorrect Authorization vulnerability in Shopware Shopware is an open source eCommerce platform. | 4.9 |
| 2021-06-24 | CVE-2021-32709 | Unspecified vulnerability in Shopware Shopware is an open source eCommerce platform. | 4.9 |
| 2020-07-28 | CVE-2020-13971 | Cross-site Scripting vulnerability in Shopware In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. | 5.4 |
| 2019-06-23 | CVE-2019-12935 | Cross-site Scripting vulnerability in Shopware Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI. | 6.1 |
| 2019-01-15 | CVE-2017-18357 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Shopware Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object. | 6.5 |
| 2017-10-16 | CVE-2017-15374 | Cross-site Scripting vulnerability in Shopware Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. | 6.1 |