| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-34098 | Dependency configuration exposed in Shopware | shopware | shopware | Medium | 5.3 | 2023-06-27 16:25:15 | Deep Dive |
| CVE-2023-2017 | Improper Control of Generation of Code in Twig Rendered Views in Shopware | Shopware AG | Shopware 6 | High | 8.8 | 2023-04-17 10:18:28 | Deep Dive |
| CVE-2023-23941 | SwagPayPal payment not sent to PayPal correctly | shopware | SwagPayPal | High | 7.5 | 2023-02-03 20:26:53 | Deep Dive |
| CVE-2023-22733 | Improper Output Neutralization in Log Module in shopware | shopware | platform | Low | 2.7 | 2023-01-17 21:37:44 | Deep Dive |
| CVE-2023-22732 | Insufficient Session Expiration in Administration in shopware | shopware | platform | Low | 3.7 | 2023-01-17 21:34:27 | Deep Dive |
| CVE-2023-22731 | Improper Control of Generation of Code in Twig rendered views in shopware | shopware | platform | Critical | 9.9 | 2023-01-17 21:31:46 | Deep Dive |
| CVE-2023-22730 | Improper Input Validation of Clearance sale in cart | shopware | platform | Medium | 5.3 | 2023-01-17 21:27:51 | Deep Dive |
| CVE-2023-22734 | Improper Input Newsletter subscription option validation in shopware | shopware | platform | Medium | 4.3 | 2023-01-17 21:21:24 | Deep Dive |
| CVE-2022-36102 | Access control list bypassed via crafted specific URLs | shopware | shopware | Medium | 6.3 | 2022-09-12 20:00:24 | Deep Dive |
| CVE-2022-36101 | Sensitive data in backend customer module | shopware | shopware | Medium | 5.4 | 2022-09-12 20:00:16 | Deep Dive |
| CVE-2022-31148 | Persistent cross site scripting in customer module in Shopware | shopware | shopware | Medium | 5.4 | 2022-08-01 17:10:12 | Deep Dive |
| CVE-2022-31057 | Authenticated Stored XSS in Shopware Administration | shopware | shopware | Medium | 6.5 | 2022-06-27 19:30:26 | Deep Dive |
| CVE-2022-24892 | Multiple valid tokens for password reset in Shopware | shopware | shopware | Medium | 6.4 | 2022-04-28 14:20:12 | Deep Dive |
| CVE-2022-24879 | Malfunction of Cross-Site Request Forgery token validation | shopware | shopware | High | 7.5 | 2022-04-28 14:15:14 | Deep Dive |
| CVE-2022-24873 | Non-Stored Cross-site Scripting in Shopware storefront | shopware | shopware | Medium | 5.4 | 2022-04-28 13:45:14 | Deep Dive |
| CVE-2022-24872 | Improper Access Control in shopware | shopware | platform | High | 8.1 | 2022-04-20 19:15:14 | Deep Dive |
| CVE-2022-24871 | Server-Side Request Forgery (SSRF) in Shopware | shopware | platform | High | 7.2 | 2022-04-20 19:05:11 | Deep Dive |
| CVE-2022-24744 | Insufficient Session Expiration in shopware | shopware | platform | Low | 2.6 | 2022-03-09 22:25:33 | Deep Dive |
| CVE-2022-24745 | Guest session is shared between customers in shopware | shopware | platform | Medium | 4.8 | 2022-03-09 22:25:28 | Deep Dive |
| CVE-2022-24746 | HTML injection possibility in voucher code form | shopware | platform | Medium | 6.1 | 2022-03-09 22:25:23 | Deep Dive |