First published: Thu Apr 28 2022(Updated: )
Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Shopware Shopware | >=5.0.0<5.7.9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-24873 is a vulnerability in Shopware e-commerce software platform that allows non-stored cross-site scripting in the storefront.
CVE-2022-24873 has a severity level of 6.1, which is considered medium.
Versions of Shopware prior to 5.7.9 are affected by CVE-2022-24873.
Users of older Shopware versions can attempt to mitigate the vulnerability by using the Shopware security plugin.
You can find more information about CVE-2022-24873 in the Shopware documentation, security advisories, and changelog.