18 matches found

EUVD-2021-1402 (source: EUVD; added 2025/10/07 12:30 a.m.; 4 views)
Malware in sbrugna...
CVSS 5.3 | AI score 5.3 | EPSS 0.00881 | Exploits: 0 | References: 6

EUVD-2024-1784 (source: EUVD; added 2025/10/03 8:07 p.m.; 5 views)
Malicious code in bioql PyPI...
CVSS 4.8 | AI score 5.2 | EPSS 0.0044 | Exploits: 0 | References: 3

EUVD-2022-1308 (source: EUVD; added 2025/10/03 8:07 p.m.; 7 views)
Malicious code in bioql PyPI...
CVSS 6.1 | AI score 6.2 | EPSS 0.00871 | Exploits: 0 | References: 6

EUVD-2022-1476 (source: EUVD; added 2025/10/03 8:07 p.m.; 6 views)
Malicious code in bioql PyPI...
CVSS 8.2 | AI score 8.2 | EPSS 0.01232 | Exploits: 1 | References: 5

EUVD-2022-1312 (source: EUVD; added 2025/10/03 8:07 p.m.; 5 views)
Malicious code in bioql PyPI...
CVSS 6.1 | AI score 6.2 | EPSS 0.0109 | Exploits: 1 | References: 6

CVE-2024-34349 (source: RedhatCVE; added 2025/05/23 8:41 a.m.; 7 views)
Sylius is an open source eCommerce platform. Prior to 1.12.16 and 1.13.1, there is a possibility to execute javascript code in the Admin panel. In order to perform an XSS attack input a script into Name field in which of the resources: Taxons, Products, Product Options or Product Variants. The co...
CVSS 4.8 | AI score 6.2 | EPSS 0.0044 | Exploits: 0 | References: 1

CVE-2022-24733 (source: RedhatCVE; added 2025/05/23 12:01 a.m.; 8 views)
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface wi...
CVSS 6.1 | AI score 6.5 | EPSS 0.00871 | Exploits: 0 | References: 1

CVE-2022-24749 (source: RedhatCVE; added 2025/05/22 9:55 p.m.; 6 views)
Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting XSS code in the admin panel. In order to perform a XSS attack, the file itself has to be open in a new card or loaded outside of the...
CVSS 6.1 | AI score 5.3 | EPSS 0.0109 | Exploits: 1 | References: 1

CVE-2021-32720 (source: RedhatCVE; added 2025/05/22 9:19 p.m.; 12 views)
Sylius is an Open Source eCommerce platform on top of Symfony. In versions of Sylius prior to 1.9.5 and 1.10.0-RC.1, part of the details order ID, order number, items total, and token value of all placed orders were exposed to unauthorized users. If exploited properly, a few additional informatio...
CVSS 5.3 | AI score 6.4 | EPSS 0.00881 | Exploits: 0 | References: 1

PayPal Plugin security vulnerability (source: CNNVD; added 2025/03/17 12:00 a.m.; 3 views)
PayPal Plugin is an open source plugin for the PayPal commerce platform from Sylius eCommerce. A security vulnerability exists in PayPal Plugin versions prior to 1.6.1, prior to 1.7.1, and prior to 2.0.1, which stems from payment amount manipulation and could lead to fraud...
CVSS 6.5 | AI score 6.3 | EPSS 0.00464 | Exploits: 0 | References: 7

CVE-2024-40633 (source: CVE; added 2024/07/17 5:51 p.m.; 90 views)
Summary: CVE-2024-40633 affects Sylius (Symfony-based) in the /api/v2/shop/adjustments/{id} endpoint. The flaw enables an attacker to enumerate valid adjustment IDs and retrieve order tokens, potentially exposing sensitive guest customer order details. Affected/Root cause: Unauthenticated access ...
CVSS 5.3 | AI score 5 | EPSS 0.0038 | Exploits: 0 | References: 1

Cross site scripting (source: Prion; added 2022/03/14 10:15 p.m.; 17 views)
Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting XSS code in the admin panel. In order to perform a XSS attack, the file itself has to be open in a new card or loaded outside of the...
CVSS 4.3 | AI score 5.9 | EPSS 0.0109 | Exploits: 1 | References: 4 | Affected software: 1

CVE-2022-24743 Insufficient Session Expiration in Sylius (source: Vulnrichment; added 2022/03/14 9:00 p.m.; 4 views)
Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue ...
CVSS 7.1 | AI score 8 | EPSS 0.01232 | Exploits: 1 | References: 3

CVE-2022-24742 Exposure of Sensitive Information Due to Incompatible Policies in Sylius (source: Cvelist; added 2022/03/14 7:20 p.m.; 32 views)
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab remains unclosed after log out. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must strictly redirect...
CVSS 5 | AI score 5.4 | EPSS 0.0079 | Exploits: 0 | References: 4

CVE-2022-24733 (source: NVD; added 2022/03/14 7:15 p.m.; 26 views)
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface wi...
CVSS 6.1 | EPSS 0.00871 | Exploits: 0 | References: 4

CVE-2022-24733 Improper Restriction of Rendered UI Layers or Frames in Sylius (source: OSV; added 2022/03/14 6:50 p.m.; 30 views)
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface wi...
CVSS 6.1 | AI score 5.9 | EPSS 0.00871 | Exploits: 0 | References: 6

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (source: GitLab Advisory Database; added 2022/03/14 12:00 a.m.; 33 views)
Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting XSS code in the admin panel. In order to perform a XSS attack, the file itself has to be open in a new card or loaded outside of the...
CVSS 6.1 | AI score 5.9 | EPSS 0.0109 | Exploits: 1 | References: 6 | Affected software: 1

Design/Logic Flaw (source: Prion; added 2021/06/28 7:15 p.m.; 14 views)
Sylius is an Open Source eCommerce platform on top of Symfony. In versions of Sylius prior to 1.9.5 and 1.10.0-RC.1, part of the details order ID, order number, items total, and token value of all placed orders were exposed to unauthorized users. If exploited properly, a few additional informatio...
CVSS 5 | AI score 5.1 | EPSS 0.00881 | Exploits: 0 | References: 2 | Affected software: 1