5.4

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-31057

GHSA ID

GHSA-q754-vwc4-p6qj

EPSS Score

0.60445%

CWE

CWE-79

Published

6/22/2022

Updated

1/27/2023

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-31057

CVE-2022-31057: Authenticated Stored Cross-site Scripting in Shopware

Impact

Authenticated Stored XSS in Administration

Patches

We recommend updating to version 5.7.12. You can get the update to 5.7.12 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/de/changelog-sw5/#5-7-12

For older versions you can use the Security Plugin: https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html

References

https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2022

(GitHub Advisory)

5.4

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-31057

GHSA ID

GHSA-q754-vwc4-p6qj

EPSS Score

0.60445%

CWE

CWE-79

Published

6/22/2022

Updated

1/27/2023

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
shopware/shopware	composer	< 5.7.12	5.7.12

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

### Imp**t *ut**nti**t** Stor** XSS in **ministr*tion ### P*t***s W* r**omm*n* up**tin* to v*rsion *.*.**. You **n **t t** up**t* to *.*.** r**ul*rly vi* t** *uto-Up**t*r or *ir**tly vi* t** *ownlo** ov*rvi*w. *ttps://www.s*opw*r*.*om/**/***n**lo*-s

Reasoning

No *n*lysis *v*il**l*

5.4

Basic Information

Concerned about an active attack path?

CVE-2022-31057: Authenticated Stored Cross-site Scripting in Shopware

Impact

Patches

References

5.4

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI