GHSA-55RF-8Q29-4G43 Sylius has a security vulnerability via adjustments API endpoint

Impact A security vulnerability was discovered in the /api/v2/shop/adjustments/id endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve order tokens. Using these tokens, an attacker can...

CVE-2024-25841

In the module "So Flexibilite" soflexibilite from Common-Services for PrestaShop 4.1.26, a guest authenticated customer can perform Cross Site Scripting XSS injection...