CVE-2017-15374: Cross-site Scripting

October 16, 2017 (updated January 24, 2018)

Shopware is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the customer and orders section of the backend.

References

nvd.nist.gov/vuln/detail/CVE-2017-15374

Code Behaviors & Features

Detect and mitigate CVE-2017-15374 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →