Vulnerabilities > Shopware > Shopware > 6.1.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-28 | CVE-2020-13997 | Information Exposure Through an Error Message vulnerability in Shopware In Shopware before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled. | 7.5 |
| 2020-07-28 | CVE-2020-13971 | Cross-site Scripting vulnerability in Shopware In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. | 5.4 |
| 2020-07-28 | CVE-2020-13970 | Server-Side Request Forgery (SSRF) vulnerability in Shopware Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery (SSRF) in its "Mediabrowser upload by URL" feature. | 8.8 |