sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Sylius |
|
Configuration 1 [-]
|
No data.
References
History
Wed, 20 Nov 2024 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 19 Nov 2024 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Sylius
Sylius sylius |
|
| CPEs | cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Sylius
Sylius sylius |
|
| Metrics |
cvssV3_1
|
Fri, 15 Nov 2024 11:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser. | |
| Title | Stored Cross-site Scripting (XSS) in sylius/sylius | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_0
|
MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-11-15T10:52:01.371Z
Updated: 2024-11-20T22:36:05.302Z
Reserved: 2021-09-30T10:17:10.364Z
Link: CVE-2021-3841
Vulnrichment
Updated: 2024-11-20T22:35:55.121Z
NVD
Status : Analyzed
Published: 2024-11-15T11:15:05.980
Modified: 2024-11-19T17:11:49.017
Link: CVE-2021-3841
Redhat
No data.