Cross-site scripting in Shopware - CVE-2022-31057
Published: June 22, 2022 / Updated: May 19, 2026
Shopware
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary script code in a user's browser.
The vulnerability exists due to cross-site scripting in the administration interface when processing stored user-supplied content. A remote user can inject a malicious script to execute arbitrary script code in a user's browser.