logo

Database

Reflected cross-site scripting (XSS) In shopware/shopware

Description

Shopware Cross-site Scripting Vulnerability Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2019-129352. NVD-2019-129353. OSV-2019-129354. GCVE-2019-12935

References

1. https://www.netsparker.com/web-applications-advisories/ns-19-004-cross-site-scripting-in-shopware2. https://www.shopware.com/en/changelog/#5-5-83. http://seclists.org/fulldisclosure/2019/Jun/324. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-12935.yaml

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.