EPSS: 0.001 (Low)
Percentile: 22.7%
The Grid component of Sylius omits HTML input sanitisation when rendering an object that implements the __toString() method through the string field type.
github.com/FriendsOfPHP/security-advisories/blob/master/sylius/grid/CVE-2019-12186.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/sylius/sylius/CVE-2019-12186.yaml
nvd.nist.gov/vuln/detail/CVE-2019-12186
sylius.com/blog/cve-2019-12186