Sylius is vulnerable to cross-site scripting (XSS). A remote attacker can inject arbitrary JavaScript into a victim’s browser via multiple parameters in the grid component, because input and output are not sanitized when an object that implements the __toString() method is rendered through the string field type.
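
The gap described above, as an added example that is not Sylius's own code: a renderer that escapes only plain strings lets an object's __toString() output through untouched, while the hardened form casts first and then escapes. The class and function names (CustomerName, renderStringFieldUnsafe, renderStringFieldSafe) are hypothetical, the input is constructed, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Constructed sample: a value object whose string form carries user-controlled text.
final class CustomerName
{
    public function __construct(private string $name) {}

    public function __toString(): string
    {
        return $this->name;
    }
}

// Hypothetical weak renderer: escapes plain strings only. An object is
// returned as-is, and the later implicit string cast is never escaped.
function renderStringFieldUnsafe(mixed $value): mixed
{
    return is_string($value) ? htmlspecialchars($value, ENT_QUOTES, 'UTF-8') : $value;
}

// Hardened form: convert anything string-castable to a string first,
// then escape, so __toString() output is treated like any other text.
function renderStringFieldSafe(mixed $value): string
{
    if ($value === null) {
        return '';
    }
    if (is_scalar($value) || $value instanceof Stringable) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    // Arrays and non-stringable objects are rejected rather than rendered.
    throw new InvalidArgumentException('String field received a value that cannot be rendered as text.');
}

// Constructed input standing in for attacker-influenced data.
$name = new CustomerName('<script>alert(1)</script>');

// The first line emits the markup unchanged; the second emits HTML entities.
echo 'unsafe: ', renderStringFieldUnsafe($name), PHP_EOL;
echo 'safe:   ', renderStringFieldSafe($name), PHP_EOL;
```

The same check applies when reviewing templates: any value that reaches output through an implicit string cast needs the same escaping as a literal string.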