Skip to content

Persistent XSS in newsletter module

Low
shyim published GHSA-hrfh-fp4x-crrq Nov 9, 2020

Package

composer shopware/shopware (Composer)

Affected versions

<=5.6.8

Patched versions

5.6.9

Description

Impact

Persistent XSS in newsletter module

Patches

We recommend updating to the current version 5.6.9. You can get the update to 5.6.9 regularly via the Auto-Updater or directly via the download overview.

For older versions you can use the Security Plugin:
https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html

References

https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-11-2020

Severity

Low

CVE ID

No known CVE

Weaknesses

No CWEs