2 matches found
CVE-2026-31819 Sylius has an Open Redirect via Referer Header
Sylius is an Open Source eCommerce Framework on Symfony. CurrencySwitchController::switchAction, ImpersonateUserController::impersonateAction and StorageBasedLocaleSwitcher::handle use the HTTP Referer header directly when redirecting. The attack requires the victim to click a legitimate...
CVE-2025-1270 Insecure direct object reference (IDOR) vulnerability in H6Web
Insecure direct object reference IDOR vulnerability in Anapi Group's h6web, allows an authenticated attacker to access other users' information by making a POST request and modifying the “pkrelated” parameter in the “/h6web/hadatoshermano.php” endpoint to refer to another user. In addition, the...