CVE-2020-13971 – In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileuplo …

28 July 2020

Vuln ID: CVE-2020-13971

Published: 2020-07-28 21:15:14Z

Description: In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. This leads to Persistent XSS. An uploaded image can be accessed without authentication.

Source: NVD.NIST.GOV

Date:

28 July 2020

Categorie(s):

NVD

Tag(s):

NVD

Hyperbole, Misinformation, and CyberMonsters Under the Bed2 May 2024
StrongDM raises $34M to enhance zero-trust privileged access management2 May 2024
1Password launches Extended Access Management to secure unmanaged apps and devices2 May 2024
Edgio launches edge-enabled attack surface management to bolster continuous web application security2 May 2024
LayerX Security Raises $24M for its Browser Security Platform, Enabling Employees to Work Securely from Any Browser, Anywhere2 May 2024