Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Sylius products. Missing input sanitization in sylius/sylius 1.0.x through 1.0.18, 1.1.x through 1.1.17, 1.2.x through 1.2.16, 1.3.x through 1.3.11, and 1.4.x through 1.4.3 and sylius/grid 1.0.x through 1.0.18, 1.1.x through 1.1.18, 1.2.x through 1.2.17, 1.3.x through 1.3.12, 1.4.x through 1.4.4, and 1.5.0 allows an attacker (an admin in the sylius/sylius case) to perform XSS by injecting malicious code into a field displayed in a grid with the "string" field type. The contents are an object, with malicious code returned by the __toString() method of that object.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sylius Grid 跨站脚本漏洞
Vulnerability Description
Sylius和Sylius Grid都是波兰Sylius公司的产品。Sylius是一套基于Symfony框架的开源电子商务平台。Sylius Grid是一款用于管理数据网格的字段、排序和过滤器等的网格组件。 Sylius Grid中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。以下产品及版本受到影响:Sylius 1.0.x版本至1.0.18版本,1.1.x版本至1.1.17版本,1.2.x版本至1.2.16版本,1.3.x版本至1.3.11版本,1.
CVSS Information
N/A
Vulnerability Type
N/A