CVE-2022-24873: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

April 28, 2022 (updated May 6, 2022)

Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.

References

docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022
github.com/shopware/shopware/security/advisories/GHSA-4g29-fccr-p59w
nvd.nist.gov/vuln/detail/CVE-2022-24873
www.shopware.com/en/changelog-sw5/

Code Behaviors & Features

Detect and mitigate CVE-2022-24873 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →