EUVD-2024-3263
Malicious code in bioql PyPI...
CVE-2021-3841
sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser...
CVE-2020-15245
In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email [email protected], verify it, change it to the mail [email protected] and stay verified and enabled. This may lead to having accounts addressed to totally different emails, that were verified. Note, that th...
GHSA-4QRP-27R3-66FJ Improper sanitize of SVG files during content upload ('Cross-site Scripting') in sylius/sylius
Impact: There is a possibility to upload an SVG file containing XSS code in the admin panel. In order to perform an XSS attack, the file itself has to be opened in a new tab or loaded outside of the IMG tag. The problem applies both to the files opened on the admin panel and shop pages. Patches: T...
CVE-2022-24733 Improper Restriction of Rendered UI Layers or Frames in Sylius
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface wi...