CVE-2022-24873

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-24873

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24873.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-24873

Aliases

GHSA-4g29-fccr-p59w

Published

2022-04-28T13:45:14Z

Modified

2025-10-13T04:34:56Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Non-Stored Cross-site Scripting in Shopware storefront

Details

Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.

References

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24873.json"

unresolved_versions

[
    {
        "type": "",
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "5.7.9"
            }
        ]
    }
]