November 29 2023

HikaShop 5.0.2 is a security release for an XSS security issue with SVG file uploads.
Updating is advised.

Details

We fixed a stored XSS security issue through SVG file upload. You can read more about it here.
Note that it only affects HikaShop versions above 4.6.2 and up to 5.0.1, and it does not affect you if you updated HikaShop from previous versions, as default support of SVG images for image uploads was only added in 4.7.0 for new installations of HikaShop.
Also, it requires access to the backend of the website to perform, and it can easily be avoided by removing the possibility of uploading SVG files in the "Allowed images" setting of the HikaShop configuration or by updating your HikaShop to 5.0.2.
We nevertheless recommend updating to HikaShop 5.0.2 when possible.
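
For sites that ran an affected version with SVG in "Allowed images", the following added example (not HikaShop code) audits already-uploaded SVG files for script-capable content. The directory to scan is passed on the command line, the sample documents are constructed, and the list of flagged constructs is a heuristic assumption, not an exhaustive SVG sanitizer.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
BAD_SCHEMES = ("javascript:", "data:text/html")

# Constructed sample documents, used for a self-check
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="10" height="10"/></svg>'
ACTIVE_SVG = b'''<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="void(0)">
  <script>/* constructed sample */</script>
  <a xlink:href="javascript:void(0)"><rect width="10" height="10"/></a>
</svg>'''

def _local(name: str) -> str:
    """Strip the '{namespace}' prefix ElementTree adds, and lower-case."""
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(data: bytes) -> list[str]:
    """Return the script-capable constructs found in one SVG document."""
    if b"<!ENTITY" in data.upper():
        # Do not expand attacker-defined entities; report and stop.
        return ["entity declaration (not parsed)"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not well-formed XML"]
    findings = []
    for elem in root.iter():
        tag = _local(elem.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in elem.attrib.items():
            name = _local(attr)
            target = "".join(value.split()).lower()  # drop embedded whitespace
            if name.startswith("on"):
                findings.append(f"{name} handler on <{tag}>")
            elif name in ("href", "src") and target.startswith(BAD_SCHEMES):
                findings.append(f"{name} with script URL on <{tag}>")
    return findings

def scan_tree(root_dir: str) -> dict[str, list[str]]:
    """Map each flagged .svg file under root_dir to its findings."""
    files = (p for p in Path(root_dir).rglob("*") if p.suffix.lower() == ".svg")
    return {str(p): f for p in files if (f := svg_findings(p.read_bytes()))}

if __name__ == "__main__":
    for path, found in scan_tree(sys.argv[1]).items():
        print(path, "->", "; ".join(found))
```

Any file this reports should be reviewed and removed or replaced by hand, since updating to 5.0.2 or changing "Allowed images" does not by itself delete files uploaded earlier.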

Keep in touch folks.
Team HikaShop