We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser.
Reserved 2021-09-30 | Published 2024-11-15 | Updated 2024-11-20 | Assigner @huntr_aihuntr.com/bounties/1625506791178-Sylius/Sylius
github.com/sylius/sylius/commit/3da169e0c23e752974d74223cc536c29a2a82edc
Support options