Jonas Elfering

3 exploits, active since Aug 2021
CVE-2021-37710 HIGH WRITEUP
Shopware < 6.4.3.1 - XSS
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a Cross-Site Scripting vulnerability via SVG media files. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.
CVSS 8.0
CVE-2021-37711 HIGH WRITEUP
Shopware < 6.4.3.1 - SSRF
Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.
CVSS 8.8
CVE-2026-23498 HIGH WRITEUP
Shopware < 6.7.6.1 - Code Injection
Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not being checked against the allow list for the map(...) override. This vulnerability is fixed in 6.7.6.1.
CVSS 7.2