shopware — Vulnerabilities & Security Advisories (56)

Browse all 56 CVE security advisories affecting shopware. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2022-31057 | Authenticated Stored XSS in Shopware Administration | shopware | CWE-79 | 6.5 | Medium | 2022-06-27 |
| CVE-2022-24892 | Multiple valid tokens for password reset in Shopware | shopware | CWE-640 | 6.4 | Medium | 2022-04-28 |
| CVE-2022-24879 | Malfunction of Cross-Site Request Forgery token validation | shopware | CWE-352 | 7.5 | High | 2022-04-28 |
| CVE-2022-24873 | Non-Stored Cross-site Scripting in Shopware storefront | shopware | CWE-79 | 5.4 | Medium | 2022-04-28 |
| CVE-2022-24872 | Improper Access Control in shopware | platform | CWE-732 | 8.1 | High | 2022-04-20 |
| CVE-2022-24871 | Server-Side Request Forgery (SSRF) in Shopware | platform | CWE-918 | 7.2 | High | 2022-04-20 |
| CVE-2022-24744 | Insufficient Session Expiration in shopware | platform | CWE-613 | 2.6 | Low | 2022-03-09 |
| CVE-2022-24745 | Guest session is shared between customers in shopware | platform | CWE-384 | 4.8 | Medium | 2022-03-09 |
| CVE-2022-24746 | HTML injection possibility in voucher code form | platform | CWE-79 | 6.1 | Medium | 2022-03-09 |
| CVE-2022-24747 | HTTP caching is marking private HTTP headers as public | platform | CWE-200 | 6.3 | Medium | 2022-03-09 |
| CVE-2022-24748 | Incorrect Authentication in shopware | platform | CWE-287 | 6.8 | Medium | 2022-03-09 |
| CVE-2022-21652 | Insufficient Session Expiration in shopware | shopware | CWE-613 | 3.5 | Low | 2022-01-05 |
| CVE-2022-21651 | Open redirect in shopware | shopware | CWE-601 | 6.8 | Medium | 2022-01-05 |
| CVE-2021-41188 | Authenticated Stored XSS in Administration | shopware | CWE-79 | 5.7 | Medium | 2021-10-26 |
| CVE-2021-37711 | Authenticated server-side request forgery in file upload via URL. | platform | CWE-918 | 8.8 | High | 2021-08-16 |
| CVE-2021-37710 | Cross-Site Scripting via SVG media files | platform | CWE-79 | 8.0 | High | 2021-08-16 |
| CVE-2021-37709 | Insecure direct object reference of log files of the Import/Export feature | platform | CWE-532 | 6.5 | Medium | 2021-08-16 |
| CVE-2021-37708 | Command injection in mail agent settings | platform | CWE-77 | 8.8 | High | 2021-08-16 |
| CVE-2021-37707 | Manipulation of product reviews via API | platform | CWE-20 | 6.5 | Medium | 2021-08-16 |
| CVE-2021-32717 | Private files publicly accessible with Cloud Storage providers | platform | CWE-200 | 7.5 | High | 2021-06-24 |
| CVE-2021-32716 | Internal hidden fields are visible on to many associations in admin api | platform | CWE-200 | 4.4 | Medium | 2021-06-24 |
| CVE-2021-32712 | Information leakage in Error Handler | shopware | CWE-200 | 5.3 | Medium | 2021-06-24 |
| CVE-2021-32713 | Authenticated Stored XSS | shopware | CWE-79 | 4.8 | Medium | 2021-06-24 |
| CVE-2021-32711 | Leak of information via Store-API | platform | CWE-200 | 9.1 | Critical | 2021-06-24 |
| CVE-2021-32710 | Potential Session Hijacking in Shopware | platform | CWE-384 | 5.9 | Medium | 2021-06-24 |
| CVE-2021-32709 | Creation of order credits was not validated by acl in admin orders | platform | CWE-306 | 4.9 | Medium | 2021-06-24 |

This page lists every published CVE security advisory associated with shopware. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.