2 matches found
CVE-2024-29376
Sylius 1.12.13 is vulnerable to Cross Site Scripting XSS via the "Province" field in Address Book...
CVE-2024-29376
Summary: CVE-2024-29376 affects Sylius 1.12.13 with a Cross Site Scripting (XSS) flaw in the Province field of the Address Book (and Checkout flow). The public advisories confirm an XSS payload risk when saving/entering the Province value, enabling script execution on affected pages. Root cause d...