shopware/core is vulnerable to cross-site scripting. The vulnerability exists because the promotion and product codes are not filtered properly which allows a malicious attacker to inject and execute arbitrary code.
docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2022
github.com/shopware/core/commit/40749a8f1c4d0281666cb91ee96207dd33c39fd8
github.com/shopware/platform/commit/651598a61073cbe59368e311817bdc6e7fb349c6
github.com/shopware/platform/security/advisories/GHSA-952p-fqcp-g8pc
github.com/shopware/storefront/commit/55a974e3bb18280e4e2cc2d4e29e860d346e4f27