CVE-2021-32713 MEDIUM

CVE-2021-32713: Authenticated Stored XSS

Vendor Shopware

Product shopware

Weakness CWE-79 · XSS

Published June 24, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Shopware is an open source eCommerce platform. Versions prior to 5.6.10 suffer from an authenticated stored XSS in administration vulnerability. Users are recommend to update to the version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview.

Key dates

02Disclosure timeline

June 24, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-32713 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-54244 WordPress Easy Replace plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability CVE-2025-5884 Konica Minolta bizhub Display MFP Information List cross site scripting CVE-2025-2700 michelson Dante Editor Insert Link cross site scripting CVE-2022-2689 SourceCodester Wedding Hall Booking System Contact Page cross site scripting CVE-2023-4775 Advanced iFrame <= 2023.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode