Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2024/11/15 10:52 a.m.17 views

CVE-2021-3841 Stored Cross-site Scripting (XSS) in sylius/sylius

sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting XSS through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser...

4.1CVSS5.5AI score0.00239EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/15 10:52 a.m.49 views

CVE-2021-3841 Stored Cross-site Scripting (XSS) in sylius/sylius

sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting XSS through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser...

4.1CVSS0.00239EPSS
Exploits0References2
CVE
CVE
added 2024/11/15 10:52 a.m.66 views

CVE-2021-3841

CVE-2021-3841 affects sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2, where stored XSS can be triggered via SVG files uploaded or rendered by the application. The root cause is an SVG handling vulnerability that allows injection of malicious scripts executed in the user’s browser. Im...

5.4CVSS4.2AI score0.00239EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/05/13 6:45 a.m.17 views

Cross-Site Scripting (XSS)

sylius/sylius is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient input sanitization within autocomplete fields and the category tree in the Admin panel, which allows an attacker to insert arbitrary JavaScript into Name fields such as the Taxons, Products, Product...

4.8CVSS6.4AI score0.0044EPSS
Exploits0
Rows per page
Query Builder