Veracode Vulnerability Database: VERACODE:46599
History: Apr 24, 2024 - 6:36 a.m.

Cross-Site Scripting

2024-04-24 06:36:00
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
cross-site scripting
sylius
input sanitization
address book
browser execution

CVSS3: 0

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

AI Score: 6.3
Confidence: High

EPSS: 0
Percentile: 9.0%

sylius/sylius is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization of the Province field in the Address Book. This allows attackers to inject malicious scripts, which can be executed in the browsers of other users who view the Province field.
