GHSA-9v82-vcjx-m76j: Shopware: Reflective Cross Site-Scripting (XSS) in CMS components
When an application uses input fields, user input must be adequately filtered for malicious HTML and JavaScript characters. Without adequate input validation, Cross-Site Scripting (XSS) vulnerabilities may arise, which allow malicious actors to inject code into application pages. When a user visits the page, the code is executed in the user’s web browser, so the malicious actor can perform actions in the name of that user. XSS can be divided into three variants: Persistent XSS, Reflective XSS and DOM-based XSS. In Reflective XSS, a malicious actor injects malicious JavaScript code into a URL. Every time the user visits this URL, the JavaScript code is executed in the user’s browser.
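The reflection described above, shown as an added example that is not Shopware's code or part of the advisory: a hypothetical renderer that echoes a `q` URL parameter, first unencoded and then with HTML output encoding. The `q` parameter, the `shop.example` host and all function names are assumptions made for illustration.

```javascript
// Added example: hypothetical page renderer, not Shopware code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read the hypothetical "q" parameter from the request URL (percent-decoded).
function searchTerm(requestUrl) {
  return new URL(requestUrl, 'https://shop.example').searchParams.get('q') ?? '';
}

// Vulnerable: the URL value is concatenated into markup unchanged,
// both as element text and inside a quoted attribute.
function renderUnsafe(requestUrl) {
  const q = searchTerm(requestUrl);
  return `<h1>Results for ${q}</h1><input name="q" value="${q}">`;
}

// Hardened: the same value is HTML-encoded at the point of output,
// so it stays text in the element and cannot close the attribute.
function renderSafe(requestUrl) {
  const q = escapeHtml(searchTerm(requestUrl));
  return `<h1>Results for ${q}</h1><input name="q" value="${q}">`;
}

// Constructed sample request carrying markup in the query string.
const SAMPLE_URL = '/search?q=' + encodeURIComponent('"><script>alert(1)</script>');

// Render the same request both ways for comparison.
function demo() {
  return { unsafe: renderUnsafe(SAMPLE_URL), safe: renderSafe(SAMPLE_URL) };
}

console.log(demo());
```

The encoding shown is only correct for HTML text and quoted-attribute contexts; values placed in script blocks, URLs or CSS need the encoder for that context.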