THREATINT
PUBLISHED

CVE-2021-3841

Stored Cross-site Scripting (XSS) in sylius/sylius



Description

sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser.

Reserved 2021-09-30 | Published 2024-11-15 | Updated 2024-11-20 | Assigner @huntr_ai


MEDIUM: 4.1 | CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

Product status

Any version before 1.9.10, 1.10.11, 1.11.2
affected

References

huntr.com/bounties/1625506791178-Sylius/Sylius

github.com/sylius/sylius/commit/3da169e0c23e752974d74223cc536c29a2a82edc

cve.org (CVE-2021-3841)

nvd.nist.gov (CVE-2021-3841)
