First published: Mon Aug 16 2021(Updated: )
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a Cross-Site Scripting vulnerability via SVG media files. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Shopware Shopware | <6.4.3.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-37710 is a Cross-Site Scripting vulnerability in Shopware eCommerce platform versions prior to 6.4.3.1.
CVE-2021-37710 has a severity score of 5.4, which is considered high.
CVE-2021-37710 affects Shopware versions prior to 6.4.3.1, allowing for Cross-Site Scripting attacks via SVG media files.
To fix CVE-2021-37710, it is recommended to update to Shopware version 6.4.3.1, which contains a patch for the vulnerability.
Yes, for older versions (6.1, 6.2, and 6.3), corresponding security measures are available through a plugin.