[MEDIUM] Shopware: Stored XSS via SVG file upload — no SVG sanitization

PKSA-qf56-zbmm-29m8 CVE-2026-48015 GHSA-xvhc-gm7j-mhmc

Affected package: shopware/core

Affected version: <6.6.10.18|>=6.7.0.0,<6.7.10.1

Reported by:
GitHub