Home > Vulnerability Database > CVE-2022-31148

Mend.io Vulnerability Database

CVE-2022-31148

Date: August 1, 2022

Shopware is an open source e-commerce software. In versions from 5.7.0 a persistent cross site scripting (XSS) vulnerability exists in the customer module. Users are recommend to update to the current version 5.7.14. You can get the update to 5.7.14 regularly via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue.

Language: PHP

Severity Score

5.4

Related Resources (7)

Url: https://github.com/shopware/shopware/security/advisories/GHSA-5834-xv5q-cgfw

Url: https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-07-2022

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-31148

Url: https://github.com/shopware/shopware/commit/7875855005648fba7b39371a70816afae2e07daf

Url: https://www.shopware.com/en/changelog-sw5/#5-7-14

Url: https://github.com/shopware/shopware

Url: https://www.mend.io/vulnerability-database/CVE-2022-31148

Severity Score

5.4

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-31148

Date: August 1, 2022

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?