HikaShop Starter 4.7.5 , HikaShop Starter 4.7.5 , 3rd party extension, XSS (Cross Site Scripting)
We fixed a stored XSS trough SVG file upload security issue. You can read more about it here.
Note that it only affects HikaShop versions above the 4.6.2 up to the 5.0.1 and not if you updated HikaShop from previous versions as default support of SVG images for the upload of images was only added in the 4.7.0 for new installations of HikaShop. Also, it requires access to the backend of the website to perform, and can be avoided easily by removing the possibility of uploading svg files in the HikaShop configuration's "allowed images" setting or updating your HikaShop to the 5.0.2