Vulnerabilities > Sylius > Sylius > 1.2.8

DATE CVE VULNERABILITY TITLE RISK
2024-11-15 CVE-2021-3841 Cross-site Scripting vulnerability in Sylius
sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files.
network
low complexity
sylius CWE-79
5.4
5.4
2022-03-14 CVE-2022-24749 Cross-site Scripting vulnerability in Sylius
Sylius is an open source eCommerce platform.
network
low complexity
sylius CWE-79
6.1
6.1
2022-03-14 CVE-2022-24742 Exposure of Resource to Wrong Sphere vulnerability in Sylius
Sylius is an open source eCommerce platform.
local
low complexity
sylius CWE-668
5.5
5.5
2022-03-14 CVE-2022-24733 Unspecified vulnerability in Sylius
Sylius is an open source eCommerce platform.
network
low complexity
sylius
6.1
6.1
2020-10-19 CVE-2020-15245 Missing Authorization vulnerability in Sylius
In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email [email protected], verify it, change it to the mail [email protected] and stay verified and enabled.
network
low complexity
sylius CWE-862
4.3
4.3
2019-12-31 CVE-2019-12186 Cross-site Scripting vulnerability in Sylius Grid and Sylius
An issue was discovered in Sylius products.
network
low complexity
sylius CWE-79
4.8
4.8
2019-12-05 CVE-2019-16768 Information Exposure Through an Error Message vulnerability in Sylius
In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI.
network
low complexity
sylius CWE-209
4.3
4.3