Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The c_database_schema field fails to properly sanitize user-supplied input before rendering it in the browser, allowing an attacker to inject malicious JavaScript. This vulnerability can be exploited via a Cross-Site Request Forgery (CSRF) attack due to the absence of CSRF protections on the POST request. An unauthenticated remote attacker can craft a malicious web page that, when visited by a victim, stores the payload persistently in the installation configuration. As a result, the payload executes whenever any user subsequently accesses the vulnerable installation page, leading to persistent client-side code execution.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Shopware 安全漏洞
Vulnerability Description
Shopware是德国Shopware公司的一套开源电子商务软件。 Shopware存在安全漏洞,该漏洞源于安装界面c_database_schema字段清理不足,可能导致存储型跨站脚本。
CVSS Information
N/A
Vulnerability Type
N/A