
5 matches found

EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2024-3263

Malicious code in bioql PyPI...

CVSS 5.4, AI score 4.6, EPSS 0.00239
Exploits 0, References 4
RedhatCVE
added 2025/05/22 6:9 p.m., 17 views

CVE-2021-3841

sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser...

CVSS 5.4, AI score 5.4, EPSS 0.00239
Exploits 0
RedhatCVE
added 2025/05/22 4:22 p.m., 10 views

CVE-2020-15245

In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email [email protected], verify it, change it to the mail [email protected] and stay verified and enabled. This may lead to having accounts addressed to totally different emails, that were verified. Note, that th...

CVSS 4.3, AI score 6.5, EPSS 0.0062
Exploits 0
OSV
added 2022/03/14 10:38 p.m., 33 views

GHSA-4QRP-27R3-66FJ Improper sanitize of SVG files during content upload ('Cross-site Scripting') in sylius/sylius

Impact: There is a possibility to upload an SVG file containing XSS code in the admin panel. In order to perform an XSS attack, the file itself has to be opened in a new card or loaded outside of the IMG tag. The problem applies both to the files opened on the admin panel and shop pages. Patches: T...

CVSS 6.1, AI score 6, EPSS 0.0109
Exploits 1, References 6
Vulnrichment
added 2022/03/14 6:50 p.m., 7 views

CVE-2022-24733 Improper Restriction of Rendered UI Layers or Frames in Sylius

Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface wi...

CVSS 6.1, AI score 6, EPSS 0.00871
Exploits 0, References 4