A non-persistent Cross-Site Scripting (XSS) vulnerability has been identified in the Shopware eCommerce platform within the frontend. This vulnerability may allow an attacker to inject and execute malicious scripts in the context of a victim’s web browser.
community.shopware.com/_detail_2048.html
docs.shopware.com/en/shopware-5-en/security-updates/security-update-01-2018?category=shopware-5-en/security-updates
github.com/FriendsOfPHP/security-advisories/blob/master/shopware/shopware/2018-01-22.yaml
github.com/shopware5/shopware
github.com/shopware5/shopware/commit/54461aa651566dc2701b873fe6bd94589604751b