CVE-2019-12935

描述

Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI.

受影響套件(1)

• Packagist/shopware/shopwarefrom 0, < 5.5.8

CVSS 分數

參考連結(4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-12935
• WEBhttp://seclists.org/fulldisclosure/2019/Jun/32
• WEBhttps://www.netsparker.com/web-applications-advisories/ns-19-004-cross-site-scripting-in-shopware
• WEBhttps://www.shopware.com/en/changelog/#5-5-8