Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sylius sylius vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2020-5218
Affected versions of Sylius give attackers the ability to switch channels via the _channel_code GET parameter in production environments. This was meant to be enabled only when kernel.debug is set to true. However, if no sylius_channel.debug is set explicitly in the configuration...
Sylius Sylius
Sylius Sylius 1.5.0
312
VMScore
CVE-2019-12186
An issue exists in Sylius products. Missing input sanitization in sylius/sylius 1.0.x up to and including 1.0.18, 1.1.x up to and including 1.1.17, 1.2.x up to and including 1.2.16, 1.3.x up to and including 1.3.11, and 1.4.x up to and including 1.4.3 and sylius/grid 1.0.x up to ...
Sylius Grid
Sylius Grid 1.5.0
Sylius Sylius
516
VMScore
CVE-2022-24733
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an malicious user to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the targe...
Sylius Sylius
570
VMScore
CVE-2022-24743
Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password c...
Sylius Sylius
383
VMScore
CVE-2022-24749
Sylius is an open source eCommerce platform. In versions before 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting (XSS) code in the admin panel. In order to perform a XSS attack, the file itself has to be open in a new card or loade...
Sylius Sylius
356
VMScore
CVE-2019-16768
In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system information may ...
Sylius Sylius
383
VMScore
CVE-2022-24742
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab remains unclosed after log out. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must ...
Sylius Sylius
445
VMScore
CVE-2021-32720
Sylius is an Open Source eCommerce platform on top of Symfony. In versions of Sylius before 1.9.5 and 1.10.0-RC.1, part of the details (order ID, order number, items total, and token value) of all placed orders were exposed to unauthorized users. If exploited properly, a few addi...
Sylius Sylius
356
VMScore
CVE-2020-15245
In Sylius prior to 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email mail@example.com, verify it, change it to the mail another@domain.com and stay verified and enabled. This may lead to having accounts addressed to totally different emails, that were verified. Not...
Sylius Sylius
445
VMScore
CVE-2020-5220
Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with...
Sylius Syliusresourcebundle
Sylius Syliusresourcebundle 1.5.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »