Описание
Shopware is open source e-commerce software. Versions prior to 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the security plugin or adding a particular following config to the .htaccess file will protect against cross-site scripting in this case. There is also a config for those using nginx as a server. The plugin and the configs can be found on the GitHub Security Advisory page for this vulnerability.
Ссылки
- Release NotesVendor Advisory
- PatchThird Party Advisory
- Release NotesTechnical Description
- Third Party Advisory
- Product
- Release NotesVendor Advisory
- PatchThird Party Advisory
- Release NotesTechnical Description
- Third Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1Версия до 5.7.6 (исключая)
cpe:2.3:a:shopware:shopware:*:*:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.00512
Низкий
5.7 Medium
CVSS3
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
CWE-79
Связанные уязвимости
EPSS
Процентиль: 66%
0.00512
Низкий
5.7 Medium
CVSS3
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
CWE-79