← All advisories

Moderate severityNVD Advisory· Published Apr 22, 2024· Updated Nov 22, 2024

CVE-2024-29376

CVE-2024-29376

Description

Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the "Province" field in Address Book.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
sylius/syliusPackagist	< 1.9.12	1.9.12
sylius/syliusPackagist	>= 1.10.0-alpha.1, < 1.10.16	1.10.16
sylius/syliusPackagist	>= 1.11.0-alpha.1, < 1.11.17	1.11.17
sylius/syliusPackagist	>= 1.12.0-alpha.1, < 1.12.16	1.12.16
sylius/syliusPackagist	>= 1.13.0-alpha.1, < 1.13.1	1.13.1

Affected products

2

Sylius/Syliuscpe-rescue
ghsa-coords
pkg:composer/sylius/sylius
Range: < 1.9.12

Patches

Vulnerability mechanics

References

5

github.com/advisories/GHSA-7prj-9ccr-hr3qghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-29376ghsaADVISORY
github.com/Sylius/Sylius/commit/fb0ecb275747e364f1d4744ed8605c57f9bd8a80ghsaWEB
github.com/Sylius/Sylius/security/advisories/GHSA-7prj-9ccr-hr3qghsaWEB
github.com/r2tunes/Reports/blob/main/Sylius.mdghsaWEB

News mentions

0

No linked articles in our index yet.