
Vulnerability in Shopware (CVE-2019-12935)

Type: 
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
Severity: 
Medium
Publication date: 
23/06/2019
Last modified: 
25/06/2019
Description
Shopware before version 5.5.8 has XSS via the query string to the backend/Login or backend/Login/load/ URI.
Impact
Access vector: Network
Access complexity: Medium
Authentication: Not required to exploit
Impact type: Partially affects the integrity of the system + No impact on the confidentiality of the system + No impact on the availability of the system
Vulnerable products and versions
  • Shopware Shopware 5.5.7
  • Shopware Shopware 5.5.6
  • Shopware Shopware 5.5.5
  • Shopware Shopware 5.5.4
  • Shopware Shopware 5.5.3
  • Shopware Shopware 5.5.2
  • Shopware Shopware 5.5.1
  • Shopware Shopware 5.5.0
  • Shopware Shopware 5.4.6
  • Shopware Shopware 5.4.5
  • Shopware Shopware 5.4.4
  • Shopware Shopware 5.4.3
  • Shopware Shopware 5.4.2
  • Shopware Shopware 5.4.1
  • Shopware Shopware 5.4.0
  • Shopware Shopware 5.3.7
  • Shopware Shopware 5.3.6
  • Shopware Shopware 5.3.5
  • Shopware Shopware 5.3.4
  • Shopware Shopware 5.3.3
  • Shopware Shopware 5.3.2
  • Shopware Shopware 5.3.1
  • Shopware Shopware 5.3.0 Rc2
  • Shopware Shopware 5.3.0 Rc1
  • Shopware Shopware 5.3.0
  • Shopware Shopware 5.2.9
  • Shopware Shopware 5.2.8
  • Shopware Shopware 5.2.7
  • Shopware Shopware 5.2.6
  • Shopware Shopware 5.2.5
  • Shopware Shopware 5.2.4
  • Shopware Shopware 5.2.3
  • Shopware Shopware 5.2.27
  • Shopware Shopware 5.2.26
  • Shopware Shopware 5.2.25
  • Shopware Shopware 5.2.24
  • Shopware Shopware 5.2.23
  • Shopware Shopware 5.2.22
  • Shopware Shopware 5.2.21
  • Shopware Shopware 5.2.20
  • Shopware Shopware 5.2.2
  • Shopware Shopware 5.2.19
  • Shopware Shopware 5.2.18
  • Shopware Shopware 5.2.17
  • Shopware Shopware 5.2.16
  • Shopware Shopware 5.2.15
  • Shopware Shopware 5.2.14
  • Shopware Shopware 5.2.13
  • Shopware Shopware 5.2.12
  • Shopware Shopware 5.2.11
  • Shopware Shopware 5.2.10
  • Shopware Shopware 5.2.1
  • Shopware Shopware 5.2.0 Rc3
  • Shopware Shopware 5.2.0 Rc2
  • Shopware Shopware 5.2.0 Rc1
  • Shopware Shopware 5.2.0 Beta1
  • Shopware Shopware 5.2.0
  • Shopware Shopware 5.1.6
  • Shopware Shopware 5.1.5
  • Shopware Shopware 5.1.4
  • Shopware Shopware 5.1.3 Rc1
  • Shopware Shopware 5.1.3
  • Shopware Shopware 5.1.2 Rc2
  • Shopware Shopware 5.1.2 Rc1
  • Shopware Shopware 5.1.1
  • Shopware Shopware 5.1.0 Rc3
  • Shopware Shopware 5.1.0 Rc2
  • Shopware Shopware 5.1.0
  • Shopware Shopware 5.0.4 Rc1
  • Shopware Shopware 5.0.4
  • Shopware Shopware 5.0.3 Rc1
  • Shopware Shopware 5.0.3
  • Shopware Shopware 5.0.2 Rc1
  • Shopware Shopware 5.0.2
  • Shopware Shopware 5.0.1
  • Shopware Shopware 5.0.0 Rc3
  • Shopware Shopware 5.0.0 Rc2
  • Shopware Shopware 5.0.0 Rc1
  • Shopware Shopware 5.0.0
  • Shopware Shopware 4.3.7
  • Shopware Shopware 4.3.6
  • Shopware Shopware 4.3.5
  • Shopware Shopware 4.3.4
  • Shopware Shopware 4.3.3
  • Shopware Shopware 4.3.2
  • Shopware Shopware 4.3.1
  • Shopware Shopware 4.3.0
  • Shopware Shopware 4.2.3
  • Shopware Shopware 4.2.2
  • Shopware Shopware 4.2.1.1
  • Shopware Shopware 4.2.1
  • Shopware Shopware 4.2.0
  • Shopware Shopware 4.1.4
  • Shopware Shopware 4.1.3
  • Shopware Shopware 4.1.2
  • Shopware Shopware 4.1.1
  • Shopware Shopware 4.1.0
  • Shopware Shopware 4.0.8
  • Shopware Shopware 4.0.7
  • Shopware Shopware 4.0.6
  • Shopware Shopware 4.0.5
  • Shopware Shopware 4.0.4
  • Shopware Shopware 4.0.3
  • Shopware Shopware 4.0.2
  • Shopware Shopware 4.0.1