Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sylius sylius vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2020-5218
Affected versions of Sylius give attackers the ability to switch channels via the _channel_code GET parameter in production environments. This was meant to be enabled only when kernel.debug is set to true. However, if no sylius_channel.debug is set explicitly in the configuration...
Sylius Sylius
Sylius Sylius 1.5.0
4.8
CVSSv3
CVE-2019-12186
An issue exists in Sylius products. Missing input sanitization in sylius/sylius 1.0.x up to and including 1.0.18, 1.1.x up to and including 1.1.17, 1.2.x up to and including 1.2.16, 1.3.x up to and including 1.3.11, and 1.4.x up to and including 1.4.3 and sylius/grid 1.0.x up to ...
Sylius Grid
Sylius Grid 1.5.0
Sylius Sylius
4.3
CVSSv3
CVE-2019-16768
In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system information may ...
Sylius Sylius
6.1
CVSSv3
CVE-2022-24733
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an malicious user to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the targe...
Sylius Sylius
5.5
CVSSv3
CVE-2022-24742
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab remains unclosed after log out. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must ...
Sylius Sylius
8.2
CVSSv3
CVE-2022-24743
Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password c...
Sylius Sylius
6.1
CVSSv3
CVE-2022-24749
Sylius is an open source eCommerce platform. In versions before 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting (XSS) code in the admin panel. In order to perform a XSS attack, the file itself has to be open in a new card or loade...
Sylius Sylius
4.3
CVSSv3
CVE-2020-15245
In Sylius prior to 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email mail@example.com, verify it, change it to the mail another@domain.com and stay verified and enabled. This may lead to having accounts addressed to totally different emails, that were verified. Not...
Sylius Sylius
5.3
CVSSv3
CVE-2021-32720
Sylius is an Open Source eCommerce platform on top of Symfony. In versions of Sylius before 1.9.5 and 1.10.0-RC.1, part of the details (order ID, order number, items total, and token value) of all placed orders were exposed to unauthorized users. If exploited properly, a few addi...
Sylius Sylius
5.3
CVSSv3
CVE-2020-5220
Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with...
Sylius Syliusresourcebundle
Sylius Syliusresourcebundle 1.5.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »