CVE-2021-41188

Moderate 5.4

Shopware is open source e-commerce software. Versions prior to 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the security plugin or adding a particular following config to the `.htaccess` file will protect against cross-site scripting in this case. There is also a config for those using nginx as a server. The plugin and the configs can be found on the GitHub Security Advisory page for this vulnerability.

Published October 26, 2021.

Affected software

Shopware Shopware

Get alerts for Shopware Shopware

Reference links

https://github.com/shopware/shopware/commit/37213e91d525c95df262712cba80d1497e395a58
https://github.com/shopware/shopware/releases/tag/v5.7.6
https://github.com/shopware/shopware/security/advisories/GHSA-4p3x-8qw9-24w9
https://docs.shopware.com/en/shopware-5-en/sicherheitsupdates/security-update-10-2021
https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html