CVE-2019-12935
CVE-2019-12935
Vexday Risk Score
36Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS 7.4EPSS 2.7%KEV nãoPoC —Nuclei simMetasploit —Patch —
Lifecycle
23 Jun 2019Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI.
CVSS:3.0/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:C/UI:R
Affected products
n/a · n/a