Skip to main content

Sylius CVE-2024-29376

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2024-04-22 cve@mitre.org
6.4
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
6.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 22, 2024 - 19:15 cve.org
MEDIUM 6.4

DescriptionCVE.org

Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the "Province" field in Address Book.

AnalysisAI

Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the "Province" field in Address Book. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the "Province" field in Address Book. Affected products include: Sylius.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

More in Sylius

View all
CVE-2024-57610 HIGH POC
7.5 Feb 06

A rate limiting issue in Sylius v2.0.2 allows a remote attacker to perform unrestricted brute-force attacks on user acco

CVE-2022-24743 HIGH POC
8.2 Mar 14

Sylius is an open source eCommerce platform. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable,

CVE-2022-24749 MEDIUM POC
6.1 Mar 14

Sylius is an open source eCommerce platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitabl

CVE-2026-31824 HIGH
8.2 Mar 10

Sylius eCommerce Framework is vulnerable to a race condition in promotion and coupon usage limit enforcement, where conc

CVE-2026-31820 MEDIUM
6.5 Mar 10

Authenticated users in Sylius eCommerce can access sensitive customer data belonging to other users through unvalidated

CVE-2026-31819 MEDIUM
6.1 Mar 10

Open redirect vulnerabilities in Sylius eCommerce Framework allow unauthenticated attackers to redirect users to arbitra

CVE-2026-31822 MEDIUM
6.1 Mar 10

Stored XSS in Sylius checkout login form allows unauthenticated attackers to inject malicious scripts through authentica

CVE-2022-24733 MEDIUM
6.1 Mar 14

Sylius is an open source eCommerce platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitabl

CVE-2022-24742 MEDIUM
5.5 Mar 14

Sylius is an open source eCommerce platform. Rated medium severity (CVSS 5.5), this vulnerability is no authentication r

CVE-2026-31821 MEDIUM
5.3 Mar 10

Sylius eCommerce framework's cart API endpoint fails to validate cart ownership, allowing unauthenticated attackers to a

CVE-2026-31825 MEDIUM
5.3 Mar 10

Sylius eCommerce Framework versions prior to 1.9.12, 1.10.16, 1.11.17, 1.12.23, 1.13.15, 1.14.18, 2.0.16, 2.1.12, and 2.

CVE-2021-32720 MEDIUM
5.3 Jun 28

Sylius is an Open Source eCommerce platform on top of Symfony. Rated medium severity (CVSS 5.3), this vulnerability is r

Share

CVE-2024-29376 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy