Описание
Cross site scripting in sylius/sylius
sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser.
Пакеты
Наименование
sylius/sylius
composer
Затронутые версииВерсия исправления
< 1.9.10
1.9.10
Наименование
sylius/sylius
composer
Затронутые версииВерсия исправления
>= 1.10.0, < 1.10.11
1.10.11
Наименование
sylius/sylius
composer
Затронутые версииВерсия исправления
>= 1.11.0, < 1.11.2
1.11.2
Связанные уязвимости
CVSS3: 5.4
nvd
около 1 года назад
sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser.