CVE-2022-31057

Опубликовано: 27 июн. 2022

Источник: nvd

CVSS3: 6.5

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Shopware is an open source e-commerce software made in Germany. Versions of Shopware 5 prior to version 5.7.12 are subject to an authenticated Stored XSS in Administration. Users are advised to upgrade. There are no known workarounds for this issue.

Ссылки

https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2022
Release Notes
Vendor Advisory
https://github.com/shopware/shopware/commit/3e025a0a3e123f4108082645b1ced6fb548f7b6f
Patch
Third Party Advisory
https://github.com/shopware/shopware/security/advisories/GHSA-q754-vwc4-p6qj
Third Party Advisory
https://packagist.org/packages/shopware/shopware
Product
Third Party Advisory
https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2022
Release Notes
Vendor Advisory
https://github.com/shopware/shopware/commit/3e025a0a3e123f4108082645b1ced6fb548f7b6f
Patch
Third Party Advisory
https://github.com/shopware/shopware/security/advisories/GHSA-q754-vwc4-p6qj
Third Party Advisory
https://packagist.org/packages/shopware/shopware
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:shopware:shopware:*:*:*:*:*:*:*:*

Версия от 5.0.0 (включая) до 5.7.12 (исключая)

EPSS

Процентиль: 61%

0.00409

Низкий

6.5 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-q754-vwc4-p6qj

CVSS3: 5.4

github

больше 3 лет назад

Authenticated Stored Cross-site Scripting in Shopware

EPSS

Процентиль: 61%

0.00409

Низкий

6.5 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79