Known Vulnerabilities for products from Shopware
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Shopware".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-32142 json | Not Provided | 2026-03-12 | 2026-03-13 | |
| CVE-2026-32100 json | Not Provided | 2026-03-12 | 2026-03-13 | |
| CVE-2024-22408 json | 8.1 - HIGH | 2024-01-16 | 2024-01-24 | |
| CVE-2024-22407 json | 6.5 - MEDIUM | 2024-01-16 | 2024-01-24 | |
| CVE-2024-22406 json | 9.8 - CRITICAL | 2024-01-16 | 2024-01-24 | |
| CVE-2023-34099 json | Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was pos... | 5.3 - MEDIUM | 2023-06-27 | 2023-07-06 |
| CVE-2023-34098 json | Shopware is an open source e-commerce software. Due to an incorrect configuration in the `.htaccess` file, the configuration ... | 5.3 - MEDIUM | 2023-06-27 | 2023-07-05 |
| CVE-2023-23941 json | SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used (PayPal Plus, ... | 7.5 - HIGH | 2023-02-03 | 2023-02-15 |
| CVE-2023-22734 json | Shopware is an open source commerce platform based on Symfony Framework and Vue js. The newsletter double opt-in validation w... | 7.5 - HIGH | 2023-01-17 | 2023-11-07 |
| CVE-2023-22733 json | Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions the log module would... | 6.5 - MEDIUM | 2023-01-17 | 2023-01-25 |
| CVE-2023-22732 json | Shopware is an open source commerce platform based on Symfony Framework and Vue js. The Administration session expiration was... | 9.8 - CRITICAL | 2023-01-17 | 2023-11-07 |
| CVE-2023-22731 json | Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment **without the Sandb... | 8.8 - HIGH | 2023-01-17 | 2023-11-07 |
| CVE-2023-22730 json | Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions It was possible to p... | 7.5 - HIGH | 2023-01-17 | 2023-11-07 |
| CVE-2023-2017 json | Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/cor... | 8.8 - HIGH | 2023-04-17 | 2023-04-28 |
| CVE-2022-48150 json | Shopware v5.5.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the recovery/install/ URI. | 6.1 - MEDIUM | 2023-04-21 | 2023-05-03 |
| CVE-2022-36102 json | Shopware is an open source e-commerce software. In affected versions if backend admin controllers are called with a certain n... | 7.2 - HIGH | 2022-09-12 | 2022-09-15 |
| CVE-2022-36101 json | Shopware is an open source e-commerce software. In affected versions the request for the customer detail view in the backend ... | 5.3 - MEDIUM | 2022-09-12 | 2023-07-21 |
| CVE-2022-31148 json | Shopware is an open source e-commerce software. In versions from 5.7.0 a persistent cross site scripting (XSS) vulnerability ... | 5.4 - MEDIUM | 2022-08-01 | 2022-08-05 |
| CVE-2022-31057 json | Shopware is an open source e-commerce software made in Germany. Versions of Shopware 5 prior to version 5.7.12 are subject to... | 5.4 - MEDIUM | 2022-06-27 | 2022-07-07 |
| CVE-2022-24956 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2022-03-29 | 2022-04-05 |
Known software with vulnerabilities from Shopware
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Shopware | Shopware | 4.0.1 |