Vulnerabilities > Sylius
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-15 | CVE-2021-3841 | Cross-site Scripting vulnerability in Sylius sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. | 5.4 |
| 2022-03-15 | CVE-2022-24752 | SQL Injection vulnerability in Sylius Syliusgridbundle 1.11.0 SyliusGridBundle is a package of generic data grids for Symfony applications. | 9.8 |
| 2022-03-14 | CVE-2022-24749 | Cross-site Scripting vulnerability in Sylius Sylius is an open source eCommerce platform. | 6.1 |
| 2022-03-14 | CVE-2022-24743 | Insufficient Session Expiration vulnerability in Sylius Sylius is an open source eCommerce platform. | 8.2 |
| 2022-03-14 | CVE-2022-24742 | Exposure of Resource to Wrong Sphere vulnerability in Sylius Sylius is an open source eCommerce platform. | 5.5 |
| 2022-03-14 | CVE-2022-24733 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Sylius Sylius is an open source eCommerce platform. | 6.1 |
| 2021-10-05 | CVE-2021-41120 | Authorization Bypass Through User-Controlled Key vulnerability in Sylius Paypal sylius/paypal-plugin is a paypal plugin for the Sylius development platform. | 7.5 |
| 2021-06-28 | CVE-2021-32720 | Information Exposure vulnerability in Sylius Sylius is an Open Source eCommerce platform on top of Symfony. | 5.3 |
| 2020-10-19 | CVE-2020-15245 | Missing Authorization vulnerability in Sylius In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email [email protected], verify it, change it to the mail [email protected] and stay verified and enabled. | 4.3 |
| 2020-08-20 | CVE-2020-15146 | Expression Language Injection vulnerability in Sylius Syliusresourcebundle In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. | 8.8 |