9 matches found
CVE-2024-29376
Sylius 1.12.13 is vulnerable to Cross Site Scripting XSS via the "Province" field in Address Book...
CVE-2023-1179
A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add Supplier Handler. The manipulation of the argument companyname/province/city/phonenumber leads to cross site...
GHSA-7PRJ-9CCR-HR3Q Sylius has potential Cross Site Scripting vulnerability via the "Province" field in the Checkout and Address Book
Impact: There is a possibility to save XSS code in province field in the Checkout and Address Book and then execute it on these pages. The problem occurs when you open the address step page in the checkout or edit the address in the address book. This only affects the base UI Shop provided by...
GHSA-MW82-6M2G-QH6C Duplicate Advisory: Sylius Cross Site Scripting (XSS) vulnerability
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-7prj-9ccr-hr3q. This link is maintained to preserve external references. Original Description: Sylius 1.12.13 is vulnerable to Cross Site Scripting XSS via the "Province" field in Address Book...
CVE-2024-29376
Sylius 1.12.13 is vulnerable to Cross Site Scripting XSS via the "Province" field in Address Book...
Sylius security vulnerability
Sylius is an open source e-commerce platform based on the Symfony framework from the Polish company Sylius. A security vulnerability exists in Sylius version 1.12.13, which stems from a cross-site scripting XSS vulnerability in the Province field...
CVE-2024-29376
Summary: CVE-2024-29376 affects Sylius 1.12.13 with a Cross Site Scripting (XSS) flaw in the Province field of the Address Book (and Checkout flow). The public advisories confirm an XSS payload risk when saving/entering the Province value, enabling script execution on affected pages. Root cause d...
PT-2024-22871
Name of the Vulnerable Software and Affected Versions: Sylius versions 1.12.13 through 1.12.15; Sylius versions prior to 1.13.1. Description: The issue is related to Cross Site Scripting XSS via the "Province" field in Address Book. There is a possibility to save XSS code in the province field in t...
CVE-2024-29376
Sylius 1.12.13 is vulnerable to Cross Site Scripting XSS via the "Province" field in Address Book...