CVE-2019-12935
Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI.
Date published : 2019-06-23
http://seclists.org/fulldisclosure/2019/Jun/32
http://packetstormsecurity.com/files/153145/Shopware-5.5.6-Cross-Site-Scripting.html