Improper Output Neutralization for Logs in Shopware - CVE-2023-22733
Published: January 17, 2023 / Updated: May 19, 2026
Shopware
Detailed vulnerability description
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to improper output neutralization for logs in the log module when viewing logged sent mails. A remote user can access password reset emails to disclose sensitive information.
The issue can expose password reset emails for both customers and administrative users.