4 matches found
CVE-2021-3841 Stored Cross-site Scripting (XSS) in sylius/sylius
sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting XSS through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser...
CVE-2021-3841 Stored Cross-site Scripting (XSS) in sylius/sylius
sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting XSS through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser...
CVE-2021-3841
CVE-2021-3841 affects sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2, where stored XSS can be triggered via SVG files uploaded or rendered by the application. The root cause is an SVG handling vulnerability that allows injection of malicious scripts executed in the user’s browser. Im...
Cross-Site Scripting (XSS)
sylius/sylius is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient input sanitization within autocomplete fields and the category tree in the Admin panel, which allows an attacker to insert arbitrary JavaScript into Name fields such as the Taxons, Products, Product...