Moderate severityNVD Advisory· Published Nov 15, 2024· Updated Nov 20, 2024
Stored Cross-site Scripting (XSS) in sylius/sylius
CVE-2021-3841
Description
sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
sylius/syliusPackagist | < 1.9.10 | 1.9.10 |
sylius/syliusPackagist | >= 1.10.0, < 1.10.11 | 1.10.11 |
sylius/syliusPackagist | >= 1.11.0, < 1.11.2 | 1.11.2 |
Affected products
2Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.