sylius/sylius is vulnerable to cross-site scripting(XSS) attacks. An attacker is able to inject and execute malicious javascript via a specifically crafted SVG file.
CPE | Name | Operator | Version |
---|---|---|---|
sylius/sylius | le | v1.10.10 | |
sylius/sylius | le | v1.11.1 | |
sylius/sylius | le | v1.9.9 | |
sylius/sylius | le | v1.10.10 | |
sylius/sylius | le | v1.11.1 | |
sylius/sylius | le | v1.9.9 |
github.com/Sylius/Sylius/commit/46ed54bb0b7dae44e53d429a3edd68f5506c47a0
github.com/Sylius/Sylius/pull/13765
github.com/Sylius/Sylius/releases/tag/v1.10.11
github.com/Sylius/Sylius/releases/tag/v1.11.2
github.com/Sylius/Sylius/releases/tag/v1.9.10
github.com/Sylius/Sylius/security/advisories/GHSA-4qrp-27r3-66fj