CVE-2025-67648
Shopware Storefront Reflected XSS in Storefront Login Page
描述
### Impact By exploiting the XSS vulnerabilities, malicious actors can perform harmful actions in the user's web browser in the session context of the affected user. Some examples of this include, but are not limited to: Obtaining user session tokens. Performing administrative actions (when an administrative user is affected). These vulnerabilities pose a high security risk. Since a sensitive cookie is not configured with the HttpOnly attribute and administrator JWTs are stored in sessionStorage, any successful XSS attack could enable the theft of session cookies and administrative tokens. ### Description A request parameter from the URL of the login page is directly rendered within the Twig template of the Storefront login page without further processing or input validation. This allows direct code injection into the template via the URL parameter. An attacker can create malicious links that could be used in a phishing attack. The parameter `waitTime` lacks proper input validation. The attack can be tested with the following URL pattern: ``` /account/login?loginError=1&waitTime=<a%20href%3D"https%3A%2F%2Fde.wikipedia.org%2Fwiki%2FPhishing">Here<%2Fa> ``` The same applies to the `errorSnippet` parameter: ``` /account/login?loginError=1&errorSnippet=Reset%20your%20password%20%3Ca%20href%3D%22https%3A%2F%2Fde.wikipedia.org%2Fwiki%2FPhishing%22%3Ehere%3C%2Fa%3E. ```
如何修補 CVE-2025-67648
要修補 CVE-2025-67648,請將受影響套件升級到下列已修補版本。
- —升級至 6.6.10.10 或更新版本
- —升級至 6.6.10.10 或更新版本
CVE-2025-67648 正在被利用嗎?
低 — EPSS 為 0.0%,目前沒有觀察到大規模利用活動。
受影響套件(2)
- >= 6.4.6.0, < 6.6.10.10