
9 matches found

RedhatCVE
added 2025/05/23 10:18 a.m., 8 views

CVE-2024-29376

Sylius 1.12.13 is vulnerable to Cross Site Scripting XSS via the "Province" field in Address Book...

6.4 CVSS, 6 AI score, 0.0042 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 2:58 a.m., 10 views

CVE-2023-1179

A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add Supplier Handler. The manipulation of the argument companyname/province/city/phonenumber leads to cross site...

5.4 CVSS, 6 AI score, 0.00592 EPSS
Exploits: 1, References: 1

OSV
added 2024/05/10 3:33 p.m., 16 views

GHSA-7PRJ-9CCR-HR3Q Sylius has potential Cross Site Scripting vulnerability via the "Province" field in the Checkout and Address Book

Impact There is a possibility to save XSS code in province field in the Checkout and Address Book and then execute it on these pages. The problem occurs when you open the address step page in the checkout or edit the address in the address book. This only affects the base UI Shop provided by...

6.4 CVSS, 6.7 AI score, 0.0042 EPSS
Exploits: 1, References: 5

OSV
added 2024/04/22 9:31 p.m., 12 views

GHSA-MW82-6M2G-QH6C Duplicate Advisory: Sylius Cross Site Scripting (XSS) vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7prj-9ccr-hr3q. This link is maintained to preserve external references. Original Description Sylius 1.12.13 is vulnerable to Cross Site Scripting XSS via the "Province" field in Address Book...

5.4 CVSS, 6 AI score, 0.0042 EPSS
Exploits: 1, References: 3

OSV
added 2024/04/22 7:15 p.m., 4 views

CVE-2024-29376

Sylius 1.12.13 is vulnerable to Cross Site Scripting XSS via the "Province" field in Address Book...

6.4 CVSS, 6.3 AI score
Exploits: 0, References: 1

CNNVD
added 2024/04/22 12:0 a.m., 3 views

Sylius security vulnerability

Sylius is an open source e-commerce platform based on the Symfony framework from the Polish company Sylius. A security vulnerability exists in Sylius version 1.12.13, which stems from a cross-site scripting XSS vulnerability in the Province field...

6.4 CVSS, 5.8 AI score, 0.0042 EPSS
Exploits: 1, References: 2

CVE
added 2024/04/22 12:0 a.m., 67 views

CVE-2024-29376

Summary: CVE-2024-29376 affects Sylius 1.12.13 with a Cross Site Scripting (XSS) flaw in the Province field of the Address Book (and Checkout flow). The public advisories confirm an XSS payload risk when saving/entering the Province value, enabling script execution on affected pages. Root cause d...

6.4 CVSS, 5.8 AI score, 0.0042 EPSS
Exploits: 1, References: 1, Affected Software: 1

Positive Technologies
added 2024/04/22 12:0 a.m., 8 views

PT-2024-22871

Name of the Vulnerable Software and Affected Versions: Sylius versions 1.12.13 through 1.12.15 Sylius versions prior to 1.13.1 Description: The issue is related to Cross Site Scripting XSS via the "Province" field in Address Book. There is a possibility to save XSS code in the province field in t...

6.4 CVSS, 6 AI score, 0.0042 EPSS
Exploits: 1, References: 9

Cvelist
added 2024/04/22 12:0 a.m., 26 views

CVE-2024-29376

Sylius 1.12.13 is vulnerable to Cross Site Scripting XSS via the "Province" field in Address Book...

5.9 AI score, 0.0042 EPSS
Exploits: 1, References: 1