Описание
Shopware Non-Persistent XSS in the Frontend
A non-persistent Cross-Site Scripting (XSS) vulnerability has been identified in the Shopware eCommerce platform within the frontend. This vulnerability may allow an attacker to inject and execute malicious scripts in the context of a victim's web browser.
Ссылки
- https://github.com/shopware5/shopware/commit/54461aa651566dc2701b873fe6bd94589604751b
- https://community.shopware.com/_detail_2048.html
- https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-01-2018?category=shopware-5-en/security-updates
- https://github.com/FriendsOfPHP/security-advisories/blob/master/shopware/shopware/2018-01-22.yaml
Пакеты
Наименование
shopware/shopware
composer
Затронутые версииВерсия исправления
>= 5.2.0, < 5.3.7
5.3.7
6.1 Medium
CVSS3
Дефекты
CWE-79
6.1 Medium
CVSS3
Дефекты
CWE-79