Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sylius sylius vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-24752
SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The maintainers do not know if this could lead to direct SQL injections but took ste...
Sylius Syliusgridbundle
Sylius Syliusgridbundle 1.11.0
8.8
CVSSv3
CVE-2020-15143
In SyliusResourceBundle prior to 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the malicious user to access any public service by manipulating ...
Sylius Syliusresourcebundle
8.8
CVSSv3
CVE-2020-15146
In SyliusResourceBundle prior to 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the malicious user to access any public service by manipulating t...
Sylius Syliusresourcebundle
8.2
CVSSv3
CVE-2022-24743
Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password c...
Sylius Sylius
7.5
CVSSv3
CVE-2021-41120
sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id (/pay-with-paypal/{id}) and therefore it was easy to predict. The problem is that the Cred...
Sylius Paypal
6.1
CVSSv3
CVE-2022-24749
Sylius is an open source eCommerce platform. In versions before 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting (XSS) code in the admin panel. In order to perform a XSS attack, the file itself has to be open in a new card or loade...
Sylius Sylius
6.1
CVSSv3
CVE-2022-24733
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an malicious user to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the targe...
Sylius Sylius
5.5
CVSSv3
CVE-2022-24742
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab remains unclosed after log out. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must ...
Sylius Sylius
5.3
CVSSv3
CVE-2021-32720
Sylius is an Open Source eCommerce platform on top of Symfony. In versions of Sylius before 1.9.5 and 1.10.0-RC.1, part of the details (order ID, order number, items total, and token value) of all placed orders were exposed to unauthorized users. If exploited properly, a few addi...
Sylius Sylius
5.3
CVSSv3
CVE-2020-5220
Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with...
Sylius Syliusresourcebundle
Sylius Syliusresourcebundle 1.5.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »