[MEDIUM] Shopware: Stored XSS via SVG file upload — no SVG sanitization

PKSA-xngt-2zh8-qhq6 CVE-2026-48015 GHSA-xvhc-gm7j-mhmc

Affected package: shopware/platform

Affected version: <6.6.10.18|>=6.7.0.0,<6.7.10.1

Reported by:
GitHub