Shopware 5.3.7 Cross Site Request Forgery
Posted on 13 March 2018
Shopware versions 4.0.1 through 5.3.7 suffer from a cross site request forgery vulnerability. Malicious, third-party websites may abuse this API to list, add or remove products from a user's cart.