CVE-2021-32713

Shopware is an open source eCommerce platform. Versions prior to 5.6.10 suffer from an authenticated stored XSS in administration vulnerability. Users are recommend to update to the version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview.

Published: Jun 24, 2021
Updated: May 9, 2024
CVE: CVE-2021-32713
GHSA: GHSA-7vmw-7x57-q6jw
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.8
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
shopware / shopware	5.0.0	5.6.10
shopware / shopware	-	5.6.10

https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-05-2021
https://github.com/shopware/shopware/commit/a0850ffbc6f581a8eb8425cc2bf77a0715e21e12
https://github.com/shopware/shopware/security/advisories/GHSA-f6p7-8xfw-fjqq

Vulnerability Database

290,206

CVE-2021-32713