293 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-0257

Malware in sbrugna...

CVSS 5.3 | AI score 4.7 | EPSS 0.00323
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-0773

Malware in sbrugna...

CVSS 4.3 | AI score 4.7 | EPSS 0.00347
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-0393

Malware in sbrugna...

CVSS 4.8 | AI score 4.9 | EPSS 0.00295
Exploits 0 | References 6

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-0273

Malware in sbrugna...

CVSS 5.3 | AI score 4.7 | EPSS 0.00323
Exploits 0 | References 5

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-1308

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.2 | EPSS 0.00285
Exploits 0 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-3263

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 4.6 | EPSS 0.00154
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-53645

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.3 | EPSS 0.09773
Exploits 1 | References 5

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-1476

Malicious code in bioql PyPI...

CVSS 8.2 | AI score 8.2 | EPSS 0.00217
Exploits 1 | References 5

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-1784

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 5.2 | EPSS 0.00068
Exploits 0 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2022-1312

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.2 | EPSS 0.00308
Exploits 1 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2024-2259

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.5 | EPSS 0.00239
Exploits 0 | References 4

RedhatCVE
added 2025/05/23 10:18 a.m. | 4 views

CVE-2024-29376

Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the "Province" field in Address Book...

CVSS 6.4 | AI score 6 | EPSS 0.00133
Exploits 1 | References 1

RedhatCVE
added 2025/05/23 8:41 a.m. | 3 views

CVE-2024-34349

Sylius is an open source eCommerce platform. Prior to 1.12.16 and 1.13.1, there is a possibility to execute javascript code in the Admin panel. In order to perform an XSS attack input a script into Name field in which of the resources: Taxons, Products, Product Options or Product Variants. The co...

CVSS 4.8 | AI score 6.2 | EPSS 0.00068
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 7:38 a.m. | 23 views

CVE-2024-40633

Sylius is an Open Source eCommerce Framework on Symfony. A security vulnerability was discovered in the /api/v2/shop/adjustments/id endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve ord...

CVSS 5.3 | AI score 5.1 | EPSS 0.00239
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 12:1 a.m. | 5 views

CVE-2022-24733

Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface wi...

CVSS 6.1 | AI score 6.5 | EPSS 0.00285
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 9:55 p.m. | 4 views

CVE-2022-24749

Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting (XSS) code in the admin panel. In order to perform an XSS attack, the file itself has to be open in a new card or loaded outside of the...

CVSS 6.1 | AI score 5.3 | EPSS 0.00308
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 9:19 p.m. | 3 views

CVE-2021-32720

Sylius is an Open Source eCommerce platform on top of Symfony. In versions of Sylius prior to 1.9.5 and 1.10.0-RC.1, part of the details (order ID, order number, items total, and token value) of all placed orders were exposed to unauthorized users. If exploited properly, a few additional informatio...

CVSS 5.3 | AI score 6.4 | EPSS 0.00221
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 6:9 p.m. | 3 views

CVE-2021-3841

sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser...

CVSS 5.4 | AI score 5.4 | EPSS 0.00154
Exploits 0

RedhatCVE
added 2025/05/22 4:42 p.m. | 7 views

CVE-2020-5220

Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...

CVSS 5.3 | AI score 6.7 | EPSS 0.00323
Exploits 0

RedhatCVE
added 2025/05/22 4:22 p.m. | 6 views

CVE-2020-15245

In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email [email protected], verify it, change it to the mail [email protected] and stay verified and enabled. This may lead to having accounts addressed to totally different emails, that were verified. Note, that th...

CVSS 4.3 | AI score 6.5 | EPSS 0.00174
Exploits 0