CVE-2021-41188: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

October 26, 2021 (updated October 28, 2021)

Shopware is open source e-commerce software. contain a cross-site scripting vulnerability. This issue is patched Two workarounds are available. Using the security plugin or adding a particular following config to the .htaccess file will protect against cross-site scripting in this case. There is also a config for those using nginx as a server. The plugin and the configs can be found on the GitHub Security Advisory page for this vulnerability.

References

docs.shopware.com/en/shopware-5-en/sicherheitsupdates/security-update-10-2021
nvd.nist.gov/vuln/detail/CVE-2021-41188

Detect and mitigate CVE-2021-41188 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →