FLAT-4ZVMG – Vulnerability | Fluid Attacks Database

Database

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	shopware/platform	>=5.0.0 <5.7.12	5.7.12
packagist	shopware/core	>=5.0.0 <5.7.12	5.7.12
packagist	shopware/shopware	>=0 <5.7.12	5.7.12

Aliases

1. CVE-2022-310572. NVD-2022-310573. OSV-2022-310574. GHSA-q754-vwc4-p6qj5. GCVE-2022-310576. GHSA-q754-vwc4-p6qj

References

1. https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-20222. https://packagist.org/packages/shopware/shopware3. https://github.com/shopware/shopware/commit/3e025a0a3e123f4108082645b1ced6fb548f7b6f4. https://github.com/shopware/shopware/security/advisories/GHSA-q754-vwc4-p6qj5. https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2022?_ga=2.237805696.1286760707.1655914110-2145019146.16559141106. https://www.shopware.com/en/changelog-sw5/#5-7-12

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.