293 matches found
CVE-2024-57610
CVE-2024-57610 describes a rate-limiting vulnerability in Sylius 2.0.2 where a remote attacker can perform unrestricted brute-force attempts on user accounts, potentially leading to account compromise and denial of service for legitimate users. The accompanying sources consistently state that the...
Sylius 安全漏洞
Sylius is an open source e-commerce platform based on the Symfony framework from the Polish company Sylius. A security vulnerability exists in Sylius version v2.0.2, which stems from the inclusion of a rate limiting issue. An attacker exploiting this vulnerability could conduct a brute force...
PT-2025-5850 · Sylius · Sylius
Name of the Vulnerable Software and Affected Versions: Sylius version 2.0.2 Description: A rate limiting issue allows a remote attacker to perform unrestricted brute-force attacks on user accounts, significantly increasing the risk of account compromise and denial of service for legitimate users...
CVE-2024-57610
A rate limiting issue in Sylius v2.0.2 allows a remote attacker to perform unrestricted brute-force attacks on user accounts, significantly increasing the risk of account compromise and denial of service for legitimate users. The Supplier's position is that the Sylius core software is not intende...
CVE-2024-57610
A rate limiting issue in Sylius v2.0.2 allows a remote attacker to perform unrestricted brute-force attacks on user accounts, significantly increasing the risk of account compromise and denial of service for legitimate users. The Supplier's position is that the Sylius core software is not intende...
CVE-2022-24743
Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue ...
Cross-site Scripting (XSS)
sylius/sylius is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper validation of uploaded SVG files, allowing attackers to inject malicious scripts that execute in the user's browser context...
Cross-site Scripting (XSS)
Overview sylius/sylius is a platform for PHP, based on Symfony framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via a malicious SVG file, in ImageUploader.php. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects”...
GHSA-HHVR-2Q69-4563 Cross site scripting in sylius/sylius
sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting XSS through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser...
Cross site scripting in sylius/sylius
sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting XSS through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser...
CVE-2021-3841
sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting XSS through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser...
CVE-2021-3841
sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting XSS through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser...
CVE-2021-3841 Stored Cross-site Scripting (XSS) in sylius/sylius
sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting XSS through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser...
CVE-2021-3841
CVE-2021-3841 affects sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2, where stored XSS can be triggered via SVG files uploaded or rendered by the application. The root cause is an SVG handling vulnerability that allows injection of malicious scripts executed in the user’s browser. Im...
CVE-2021-3841 Stored Cross-site Scripting (XSS) in sylius/sylius
sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting XSS through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser...
Sylius 安全漏洞
Sylius is a suite of open source e-commerce platforms based on the Symfony framework by the Polish company Sylius. A security vulnerability exists in Sylius. An attacker exploiting the vulnerability could execute malicious scripts in a user's browser...
Information Disclosure
sylius/sylius is vulnerable to Information Disclosure. The vulnerability is due to the /api/v2/shop/adjustments/id endpoint, which allows an attacker to enumerate valid adjustment IDs to retrieve order tokens and access sensitive guest customer information...
CVE-2024-40633
Sylius is an Open Source eCommerce Framework on Symfony. A security vulnerability was discovered in the /api/v2/shop/adjustments/id endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve ord...
CVE-2024-40633
Summary: CVE-2024-40633 affects Sylius (Symfony-based) in the /api/v2/shop/adjustments/{id} endpoint. The flaw enables an attacker to enumerate valid adjustment IDs and retrieve order tokens, potentially exposing sensitive guest customer order details. Affected/Root cause: Unauthenticated access ...
CVE-2024-40633 Customer data leak via adjustments API endpoint in Sylius
Sylius is an Open Source eCommerce Framework on Symfony. A security vulnerability was discovered in the /api/v2/shop/adjustments/id endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve ord...