2 matches found
Open Redirect
Overview sylius/sylius is a platform for PHP, based on Symfony framework. Affected versions of this package are vulnerable to Open Redirect in the handling of the switchAction, impersonateAction, and handle processes when redirecting users based on the HTTP Referer header. An attacker can redirec...
CVE-2026-31819 Sylius has an Open Redirect via Referer Header
Sylius is an Open Source eCommerce Framework on Symfony. CurrencySwitchController::switchAction, ImpersonateUserController::impersonateAction and StorageBasedLocaleSwitcher::handle use the HTTP Referer header directly when redirecting. The attack requires the victim to click a legitimate...