PT-2024-10996 · Sylius · Sylius/Sylius

Published

2024-11-15

Updated

2024-11-19

CVE-2021-3841

CVSS v3.1

4.1

Medium

Vector

AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions sylius/sylius versions prior to 1.9.10 sylius/sylius versions prior to 1.10.11 sylius/sylius versions prior to 1.11.2

Description The issue is related to stored cross-site scripting (XSS) through SVG files, allowing attackers to inject malicious scripts that can be executed in the context of the user's browser.

Recommendations For sylius/sylius versions prior to 1.9.10, update to version 1.9.10 or later. For sylius/sylius versions prior to 1.10.11, update to version 1.10.11 or later. For sylius/sylius versions prior to 1.11.2, update to version 1.11.2 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-3841

GHSA-HHVR-2Q69-4563

Affected Products

Sylius/Sylius

PT-2024-10996 · Sylius · Sylius/Sylius

CVE-2021-3841

Weakness Enumeration

Related Identifiers

Affected Products

References · 13