3 matches found
Improper sanitize of SVG files during content upload ('Cross-site Scripting') in sylius/sylius
Impact There is a possibility to upload an SVG file containing XSS code in the admin panel. In order to perform an XSS attack, the file itself has to be opened in a new card or loaded outside of the IMG tag. The problem applies both to the files opened on the admin panel and shop pages. Patches T...
GHSA-8VP7-J5CJ-VVM2 Ability to expose data in Sylius by using an unintended serialisation group
Impact ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...
. net to mention the right to 0day, The through-kill to win the series-vulnerability warning-the black bar safety net
/ The exploit title: NET runtime optimization service privilege escalation Of dates: 2 0 1 1 years 3 months 7 days The author: XenoMuta [email protected] Version: V2. 0. 5 0 7 2 7 Test: the 2 0 0 3 R2 in Windows XP SP3, the, the 7 The vulnerability: N / A | | / / / | / / / / - | / \ / \ / \ ...