### Impact

By exploiting the XSS vulnerabilities, malicious actors can perform harmful actions in the user's web browser in the session context of the affected user. Some examples of this include, but are not limited to:

- Obtaining user session tokens.
- Performing administrative actions (when an administrative user is affected).

These vulnerabilities pose a high security risk. Since a sensitive cookie is not configured with the HttpOnly attribute and administrator JWTs are stored in sessionStorage, any successful XSS attack could enable the theft of session cookies and administrative tokens.

##…
GHSA-6w82-v552-wjw2: Shopware Storefront Reflected XSS in Storefront Login Page
Shopware Storefront has a reflected XSS vulnerability in its login page, allowing attackers to steal user session tokens and perform administrative actions.
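
The Impact section ties the severity to a sensitive cookie that lacks the HttpOnly attribute. The following check is an added example, not code from the advisory or from Shopware: it audits captured `Set-Cookie` header values and reports sensitive-looking cookies that script could read. The cookie names, the `sensitive` name pattern and the sample headers are assumptions constructed for the example.

```javascript
// Added example: audit Set-Cookie header values for flags that keep a
// session cookie out of reach of injected script. All names are hypothetical.

// Parse one Set-Cookie value into { name, attrs }; attribute names are
// case-insensitive, so they are lowercased before lookup.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('='); // the value itself may contain '='
  const name = eq === -1 ? first : first.slice(0, eq).trim();
  const attrs = new Map();
  for (const p of parts) {
    const i = p.indexOf('=');
    const key = (i === -1 ? p : p.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? true : p.slice(i + 1).trim());
  }
  return { name, attrs };
}

// Return one finding per sensitive cookie that is missing a protective flag.
// `sensitive` is an assumed naming heuristic; adjust it to the application.
function auditCookies(headers, sensitive = /sess|token|auth|jwt/i) {
  const findings = [];
  for (const h of headers) {
    const { name, attrs } = parseSetCookie(h);
    if (!name || !sensitive.test(name)) continue;
    const missing = [];
    if (!attrs.has('httponly')) missing.push('HttpOnly'); // readable via document.cookie
    if (!attrs.has('secure')) missing.push('Secure');     // may be sent over plain HTTP
    if (missing.length) findings.push({ name, missing });
  }
  return findings;
}

// Constructed sample headers (not taken from a real Shopware response).
const SAMPLE_HEADERS = [
  'sample_session=abc123==; Path=/; Secure; SameSite=Lax',
  'sample_auth=def456; Path=/; HTTPONLY; Secure; SameSite=Strict',
  'theme=dark; Path=/',
];

console.log(JSON.stringify(auditCookies(SAMPLE_HEADERS)));
```

This covers only the cookie half of the finding: values kept in sessionStorage are always readable by script running in the page's origin, so no response header flag protects them.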