Vulnerabilities > Sylius > Sylius > 1.1.15
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-14 | CVE-2022-24749 | Cross-site Scripting vulnerability in Sylius Sylius is an open source eCommerce platform. | 4.3 |
| 2022-03-14 | CVE-2022-24742 | Exposure of Resource to Wrong Sphere vulnerability in Sylius Sylius is an open source eCommerce platform. | 5.5 |
| 2022-03-14 | CVE-2022-24733 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Sylius Sylius is an open source eCommerce platform. | 5.8 |
| 2020-10-19 | CVE-2020-15245 | Missing Authorization vulnerability in Sylius In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email [email protected], verify it, change it to the mail [email protected] and stay verified and enabled. | 4.0 |
| 2019-12-31 | CVE-2019-12186 | Cross-site Scripting vulnerability in Sylius Grid An issue was discovered in Sylius products. | 3.5 |
| 2019-12-05 | CVE-2019-16768 | Information Exposure Through an Error Message vulnerability in Sylius In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. | 4.0 |