Cross-Site Scripting via SVG media files
Description
Published by the National Vulnerability Database
Aug 16, 2021
Reviewed
Aug 23, 2021
Published to the GitHub Advisory Database
Aug 23, 2021
Last updated
Feb 1, 2023
Impact
Cross-Site Scripting via SVG media files
Patches
We recommend updating to the current version 6.4.3.1. You can get the update to 6.4.3.1 regularly via the Auto-Updater or directly via the download overview.
https://www.shopware.com/en/download/#shopware-6
Workarounds
For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
References