Cross-site scripting in Shopware - CVE-2021-41188
Published: October 26, 2021 / Updated: May 19, 2026
Shopware
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary script code in the administration interface.
The vulnerability exists due to cross-site scripting in the administration interface when rendering crafted stored content. A remote user can inject a specially crafted payload to execute arbitrary script code in the administration interface.