293 matches found
CVE-2019-12186
An issue was discovered in Sylius products. Missing input sanitization in sylius/sylius 1.0.x through 1.0.18, 1.1.x through 1.1.17, 1.2.x through 1.2.16, 1.3.x through 1.3.11, and 1.4.x through 1.4.3 and sylius/grid 1.0.x through 1.0.18, 1.1.x through 1.1.18, 1.2.x through 1.2.17, 1.3.x through...
CVE-2019-12186
Summary: CVE-2019-12186 describes a Cross-Site Scripting (XSS) issue in Sylius grid rendering. The vulnerability stems from missing input sanitization in Sylius core components (sylius/sylius) and the grid bundle, allowing an attacker to inject malicious code via a field displayed in a grid with ...
Information Disclosure
sylius/sylius is vulnerable to information disclosure. The vulnerability exists as the internal exception message gets exposed in the login action through the value of lasterror.message in Security/login.html.twig...
CVE-2019-16768
In affected versions of Sylius, exception messages from internal exceptions like database exception are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system information may leak and be visible...
CVE-2019-16768
In affected versions of Sylius, exception messages from internal exceptions like database exception are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system information may leak and be visible...
Design/Logic Flaw
In affected versions of Sylius, exception messages from internal exceptions like database exception are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system information may leak and be visible...
CVE-2019-16768 Internal exception message exposure for login action in Sylius
In affected versions of Sylius, exception messages from internal exceptions like database exception are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system information may leak and be visible...
CVE-2019-16768
CVE-2019-16768 affects Sylius: internal exception messages from login errors could leak system details to users. The root cause is exception messages from internal exceptions (e.g., database errors) being wrapped and surfaced in the UI via the login flow. Affected versions are fixed in Sylius rel...
GHSA-3R8J-PMCH-5J2H Internal exception message exposure for login action in Sylius
Internal exception message exposure for login action Impact Exception messages from internal exceptions like database exception are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system...
Internal exception message exposure for login action in Sylius
Internal exception message exposure for login action Impact Exception messages from internal exceptions like database exception are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system...
Unspecified Vulnerability in Sylius
Sylius is an open source e-commerce platform based on the Symfony framework. A security vulnerability exists in Sylius that can be exploited by an attacker to view internal system messages...
Cross-Site Scripting (XSS)
sylius is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via multiple parameters in the grid component due to a lack of input and output sanitization while rendering an object that implements the toString method through the...
CSRF vulnerability in the admin panel
More info at https://sylius.com/blog/csrf-vulnerability-in-admin-panel/...