sylius/sylius is vulnerable to click-jacking attacks. An attacker can avoid login forms and load the malicious website within an iframe due to the missing HTTP headers.
github.com/Sylius/Sylius/commit/67de9e81044fdb68ef7b0afabadaddb8644cd7ea
github.com/Sylius/Sylius/pull/14
github.com/Sylius/Sylius/releases/tag/v1.10.11
github.com/Sylius/Sylius/releases/tag/v1.11.2
github.com/Sylius/Sylius/releases/tag/v1.9.10
github.com/Sylius/Sylius/security/advisories/GHSA-4jp3-q2qm-9fmw