from 0, < 4.3.7
>= 5.3.0, <= 5.6.0
HIGH 8.8 Shopware SQL Injection
from 0, < 5.4.3
HIGH 7.5 Malfunction of CSRF token validation in Shopware
>= 5.2.0, < 5.7.9
HIGH 7.2 Shopware Has Improper Control of Generation of Code in Twig rendered views
>= 6.7.0.0, < 6.7.6.1
HIGH 7.1 Shopware Storefront Reflected XSS in Storefront Login Page
>= 6.4.6.0, < 6.6.10.10
MEDIUM 6.8 Open redirect in shopware
>= 5.0.0, < 5.7.7
MEDIUM 6.5 Shopware XXE Vulnerability
from 0, < 5.3.4
MEDIUM 6.4 Multiple valid tokens for password reset in Shopware
>= 5.0.4, < 5.7.9
MEDIUM 6.3 Shopware access control list bypassed via crafted specific URLs
from 0, < 5.7.15
MEDIUM 6.1 Shopware vulnerable to cross-site scripting (XSS)
from 0, <= 5.5.10
MEDIUM 6.1 Shopware Cross-site Scripting Vulnerability
from 0, < 5.5.8
MEDIUM 6.1 Shopware XSS Vulnerability
>= 5.2.5, <= 5.3
MEDIUM 5.7 Authenticated Stored XSS in shopware/shopware
from 0, < 5.7.6
MEDIUM 5.4 Shopware contains sensitive data in backend customer module
from 0, < 5.7.15
MEDIUM 5.4 Shopware vulnerable to persistent cross site scripting (XSS) in customer module
>= 5.7.0, < 5.7.14
MEDIUM 5.4 Authenticated Stored Cross-site Scripting in Shopware
from 0, < 5.7.12
MEDIUM 5.4 Reflected Cross-site Scripting in Shopware storefront
from 0, < 5.7.9
MEDIUM 5.3 Shopware improper mail validation vulnerability
>= 5.1.4, < 5.7.18
MEDIUM 5.3 Shopware dependency configuration exposed
>= 5.6.0, < 5.7.18
MEDIUM 5.3 Exposure of Sensitive Information to an Unauthorized Actor
from 0, < 5.6.10
MEDIUM 4.8 Cross-site scripting
from 0, < 5.6.10
LOW 3.5 Insufficient Session Expiration in shopware
>= 5.7.3, < 5.7.7