Vulnerability Description
Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Shopware | Shopware | >= 5.0.0, < 5.7.9 |
Related Weaknesses (CWE)
References
- https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2Vendor Advisory
- https://github.com/shopware/shopware/security/advisories/GHSA-4g29-fccr-p59wThird Party Advisory
- https://www.shopware.com/en/changelog-sw5/#5-7-9Release NotesVendor Advisory
- https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2Vendor Advisory
- https://github.com/shopware/shopware/security/advisories/GHSA-4g29-fccr-p59wThird Party Advisory
- https://www.shopware.com/en/changelog-sw5/#5-7-9Release NotesVendor Advisory
FAQ
What is CVE-2022-24873?
CVE-2022-24873 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. User...
How severe is CVE-2022-24873?
CVE-2022-24873 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-24873?
Check the references section above for vendor advisories and patch information. Affected products include: Shopware Shopware.