| Title |
Severity |
Exploit |
Date |
Affected Version |
|
Canceling of orders not related to the logged-in user
|
Medium
|
|
Jun 28, 2021
|
< 6.4.1.1
|
|
After order payment process manipulation in shopware/platform and shopware/core
|
Critical
|
|
Apr 13, 2021
|
< 6.3.5.3
|
|
Leak of information via Store-API aggregations in shopware/platform and shopware/core
|
Critical
|
|
Apr 13, 2021
|
< 6.3.5.3
|
|
Authenticated Server Side Request Forgery
|
Low
|
|
Dec 21, 2020
|
< 6.3.4.1
|
|
Information exposure via query strings in URL
|
Low
|
|
Dec 21, 2020
|
< 6.3.4.1
|
|
Authenticated Privilege Escalation
|
Low
|
|
Dec 21, 2020
|
< 6.3.4.1
|
|
Denial of Service via Cache Flooding
|
Low
|
|
Oct 19, 2020
|
< 6.3.2.1
|
|
Authenticated XML External Entity Processing
|
Medium
|
|
Oct 19, 2020
|
< 6.3.2.1
|
|
Non-persistent XSS in the Storefront in Shopware
|
Low
|
|
Sep 23, 2020
|
< 6.3.1.1
|
|
RCE in Third Party Library in Shopware
|
Low
|
|
Sep 23, 2020
|
< 6.3.1.1
|
shopware / core