Vulnerabilities > Sylius

DATE CVE VULNERABILITY TITLE RISK
2024-11-15 CVE-2021-3841 Cross-site Scripting vulnerability in Sylius
sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files.
network
low complexity
sylius CWE-79
5.4
2022-03-15 CVE-2022-24752 SQL Injection vulnerability in Sylius Syliusgridbundle 1.11.0
SyliusGridBundle is a package of generic data grids for Symfony applications.
network
low complexity
sylius CWE-89
critical
9.8
2022-03-14 CVE-2022-24749 Cross-site Scripting vulnerability in Sylius
Sylius is an open source eCommerce platform.
network
low complexity
sylius CWE-79
6.1
2022-03-14 CVE-2022-24743 Insufficient Session Expiration vulnerability in Sylius
Sylius is an open source eCommerce platform.
network
low complexity
sylius CWE-613
8.2
2022-03-14 CVE-2022-24742 Exposure of Resource to Wrong Sphere vulnerability in Sylius
Sylius is an open source eCommerce platform.
local
low complexity
sylius CWE-668
5.5
2022-03-14 CVE-2022-24733 Improper Restriction of Rendered UI Layers or Frames vulnerability in Sylius
Sylius is an open source eCommerce platform.
network
low complexity
sylius CWE-1021
6.1
2021-10-05 CVE-2021-41120 Authorization Bypass Through User-Controlled Key vulnerability in Sylius Paypal
sylius/paypal-plugin is a paypal plugin for the Sylius development platform.
network
low complexity
sylius CWE-639
7.5
2021-06-28 CVE-2021-32720 Information Exposure vulnerability in Sylius
Sylius is an Open Source eCommerce platform on top of Symfony.
network
low complexity
sylius CWE-200
5.3
2020-10-19 CVE-2020-15245 Missing Authorization vulnerability in Sylius
In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email [email protected], verify it, change it to the mail [email protected] and stay verified and enabled.
network
low complexity
sylius CWE-862
4.3
2020-08-20 CVE-2020-15146 Expression Language Injection vulnerability in Sylius Syliusresourcebundle
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly.
network
low complexity
sylius CWE-917
8.8