Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-14	CVE-2022-24749	Cross-site Scripting vulnerability in Sylius Sylius is an open source eCommerce platform. network sylius CWE-79	4.3
2022-03-14	CVE-2022-24743	Insufficient Session Expiration vulnerability in Sylius Sylius is an open source eCommerce platform. network low complexity sylius CWE-613	6.4
2022-03-14	CVE-2022-24742	Exposure of Resource to Wrong Sphere vulnerability in Sylius Sylius is an open source eCommerce platform. local low complexity sylius CWE-668	5.5
2022-03-14	CVE-2022-24733	Improper Restriction of Rendered UI Layers or Frames vulnerability in Sylius Sylius is an open source eCommerce platform. network sylius CWE-1021	5.8
2021-06-28	CVE-2021-32720	Information Exposure vulnerability in Sylius Sylius is an Open Source eCommerce platform on top of Symfony. network low complexity sylius CWE-200	5.0
2020-10-19	CVE-2020-15245	Missing Authorization vulnerability in Sylius In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email [email protected], verify it, change it to the mail [email protected] and stay verified and enabled. network low complexity sylius CWE-862	4.0
2020-01-27	CVE-2020-5218	HTTP Request Smuggling vulnerability in Sylius Affected versions of Sylius give attackers the ability to switch channels via the _channel_code GET parameter in production environments. network low complexity sylius CWE-444	4.0
2019-12-05	CVE-2019-16768	Information Exposure Through an Error Message vulnerability in Sylius In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. network low complexity sylius CWE-209	4.0