logo

Database

Reflected cross-site scripting (XSS) In shopware/core

Description

Non-persistent XSS in the Storefront in Shopware

Impact

Non-persistent XSS in the Storefront

Patches

We recommend to update to the current version 6.3.1.1. You can get the update to 6.3.1.1 regularly via the Auto-Updater or directly via the download overview.

For older versions you can use the Security Plugin: https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659

References

https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-09-2020

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. GHSA-qvhr-55hg-3qwv2. GCVE-GHSA-qvhr-55hg-3qwv

References

1. https://github.com/shopware/platform/security/advisories/GHSA-qvhr-55hg-3qwv2. https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-09-2020

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.