CVE-2021-37710: XSS
First published: Mon Aug 16 2021(Updated: )
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a Cross-Site Scripting vulnerability via SVG media files. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Shopware Shopware | <6.4.3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-37710?
CVE-2021-37710 is a Cross-Site Scripting vulnerability in Shopware eCommerce platform versions prior to 6.4.3.1.
How severe is CVE-2021-37710?
CVE-2021-37710 has a severity score of 5.4, which is considered high.
How does CVE-2021-37710 affect Shopware?
CVE-2021-37710 affects Shopware versions prior to 6.4.3.1, allowing for Cross-Site Scripting attacks via SVG media files.
How can I fix CVE-2021-37710?
To fix CVE-2021-37710, it is recommended to update to Shopware version 6.4.3.1, which contains a patch for the vulnerability.
Are there any workarounds for older versions of Shopware?
Yes, for older versions (6.1, 6.2, and 6.3), corresponding security measures are available through a plugin.
- collector/nvd-index
- vendor/shopware
- canonical/shopware shopware