sylius/sylius Security Advisories for v1.9.0-ALPHA.1 (6)
- [MEDIUM] Cross site scripting in sylius/sylius
  PKSA-r24p-jzny-v839 CVE-2021-3841 GHSA-hhvr-2q69-4563
  Affected version: >=1.11.0,<1.11.2|>=1.10.0,<1.10.11|<1.9.10
  Reported by: GitHub
- [HIGH] Sylius has a security vulnerability via adjustments API endpoint
  PKSA-b1q1-2jf6-pqt9 CVE-2024-40633 GHSA-55rf-8q29-4g43
  Affected version: >=1.13.0-alpha.1,<1.13.4|<1.12.19
  Reported by: GitHub
- [MEDIUM] Improper sanitize of SVG files during content upload ('Cross-site Scripting') in sylius/sylius
  PKSA-bdq8-12rq-1jxx CVE-2022-24749 GHSA-4qrp-27r3-66fj
  Affected version: >=1.11.0,<1.11.2|>=1.10.0,<1.10.11|<1.9.10
  Reported by: GitHub
- [MEDIUM] Sensitive Information Exposure in Sylius
  PKSA-4y6p-d93g-pxdh CVE-2022-24742 GHSA-7563-75j9-6h5p
  Affected version: >=1.11,<1.11.2|>=1.10,<1.10.11|<1.9.10
  Reported by: GitHub
- [MEDIUM] Improper Restriction of Rendered UI Layers or Frames in Sylius
  PKSA-ftgj-pjx7-dswf CVE-2022-24733 GHSA-4jp3-q2qm-9fmw
  Affected version: >=1.11.0,<1.11.2|>=1.10.0,<1.10.11|<1.9.10
  Reported by: GitHub
- [MEDIUM] List of order ids, number, items total and token value exposed for unauthorized uses via new API
  PKSA-g9bh-zy49-c4ys CVE-2021-32720 GHSA-rpxh-vg2x-526v
  Affected version: >=1.9.0,<1.9.5
  Reported by: GitHub