Cross-site scripting in Shopware - #VU131881
Published: November 9, 2020 / Updated: May 19, 2026
Shopware
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary script code in a user's browser.
The vulnerability exists due to cross-site scripting in the newsletter module when handling newsletter content. A remote attacker can inject a persistent script payload to execute arbitrary script code in a user's browser.