Lucene search
Veracode Vulnerability DatabaseVERACODE:20399HistoryMay 27, 2019 - 5:12 a.m.
Cross-Site Scripting (XSS)
2019-05-2705:12:02
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.001 Low
EPSS
Percentile
22.7%
sylius is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary Javascript into a victim’s browser via multiple parameters in the grid component due to a lack of input and output sanitization while rendering an object that implements the __toString() method through the string field type.
References
Related
cvelist
cvelist
CVE-2019-12186
2019-12-31 14:21:39
friendsofphp
friendsofphp
CVE-2019-12186: XSS injection in the Grid component
1970-01-01 00:00:00
CVE-2019-12186: XSS injection in the Grid component
1970-01-01 00:00:00
CVE-2019-12186: XSS injection in the Grid component
1970-01-01 00:00:00
prion
prion
Design/Logic Flaw
2019-12-31 15:15:00
osv
osv
CVE-2019-12186
2019-12-31 15:15:10
XSS injection in the Grid component of Sylius
2020-04-15 21:07:59
nvd
nvd
CVE-2019-12186
2019-12-31 15:15:10
cve
cve
CVE-2019-12186
2019-12-31 15:15:10
github
github
XSS injection in the Grid component of Sylius
2020-04-15 21:07:59