11 matches found
EUVD-2021-1402
Malware in sbrugna...
EUVD-2024-1784
Malicious code in bioql PyPI...
EUVD-2022-1312
Malicious code in bioql PyPI...
EUVD-2022-1308
Malicious code in bioql PyPI...
CVE-2024-34349
Sylius is an open source eCommerce platform. Prior to 1.12.16 and 1.13.1, there is a possibility to execute javascript code in the Admin panel. In order to perform an XSS attack input a script into Name field in which of the resources: Taxons, Products, Product Options or Product Variants. The co...
Cross site scripting
Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting XSS code in the admin panel. In order to perform a XSS attack, the file itself has to be open in a new card or loaded outside of the...
CVE-2022-24742 Exposure of Sensitive Information Due to Incompatible Policies in Sylius
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab remains unclosed after log out. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must strictly redirect...
CVE-2022-24733
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface wi...
CVE-2022-24733 Improper Restriction of Rendered UI Layers or Frames in Sylius
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface wi...
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting XSS code in the admin panel. In order to perform a XSS attack, the file itself has to be open in a new card or loaded outside of the...
Design/Logic Flaw
Sylius is an Open Source eCommerce platform on top of Symfony. In versions of Sylius prior to 1.9.5 and 1.10.0-RC.1, part of the details order ID, order number, items total, and token value of all placed orders were exposed to unauthorized users. If exploited properly, a few additional informatio...