CNNVD-202512-2027 Information

CNNVD ID

CNNVD-202512-2027

Related CVE

CVE-2025-67648

• CNNVD Published: 2025-12-11

Description (Chinese)

Shopware是德国Shopware公司的一套开源电子商务软件。 Shopware 6.4.6.0版本至6.6.10.9版本和6.7.0.0版本至6.7.5.0版本存在跨站脚本漏洞，该漏洞源于未验证URL参数waitTime，可能导致反射型跨站脚本攻击。

Description (English)

Shopware is an open-source e-commerce software package for the German company Shopware. Shopware versions 6.4.6.0 to 6.6.10.9 and 6.7.0.0 to 6.7.5.0 have a cross-site script loophole, which originates from the failure to validate the URL parameter waitTime and may result in a reflector-type cross-station script attack.

Hazard Level

Medium

Vulnerability Type

跨站脚本

Affected Vendor

Shopware

Published

2025-12-11

Last Modified

2026-02-24

References

https://github.com/shopware/shopware/commit/c9242c02c84595d9fa3e2adf6a264bc90a657b58 https://github.com/shopware/shopware/security/advisories/GHSA-6w82-v552-wjw2

Patch

https://www.shopware.com/en/