CVE-2021-3841
4.1
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
Summary
sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| sylius | sylius/sylius | unspecified < 1.9.10, 1.10.11, 1.11.2 | affected |
Weaknesses
- CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://huntr.com/bounties/1625506791178-Sylius/Sylius
- https://github.com/sylius/sylius/commit/3da169e0c23e752974d74223cc536c29a2a82edc
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.