Cross-site scripting in Shopware - CVE-2022-31148
Published: July 25, 2022 / Updated: May 19, 2026
Shopware
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary script code in a victim's browser.
The vulnerability exists due to cross-site scripting in the customer module when processing stored customer-supplied input. A remote attacker can submit specially crafted input to execute arbitrary script code in a victim's browser.