CVE-2019-12935
HIGH NUCLEIShopware < 5.5.8 - Cross-Site Scripting via Query String to Backend Login
Title source: llmExploitation Summary
CVE-2019-12935 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI.
Nuclei Templates (1)
Shopware < 5.5.8 - Cross-Site Scripting
HIGHby pussycat0x
References (4)
Core 4
Core References
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/153145/Shopware-5.5.6-Cross-Site-Scripting.html
Exploit, Third Party Advisory x_refsource_misc
https://www.netsparker.com/web-applications-advisories/ns-19-004-cross-site-scripting-in-shopware/
Release Notes, Vendor Advisory x_refsource_misc
https://www.shopware.com/en/changelog/#5-5-8
Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Jun/32
Scores
CVSS v3
7.4
EPSS
0.0276
EPSS Percentile
84.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Details
CWE
CWE-79
Status
published
Products (2)
shopware/shopware
< 5.5.8
shopware/shopware
0 - 5.5.8Packagist
Published
Jun 23, 2019
Tracked Since
Feb 18, 2026