XSS Vulnerability in Sylius E-commerce Platform
CVE-2019-12186
4.8 MEDIUM
What is CVE-2019-12186?
Various versions of Sylius products lack adequate input sanitization. This weakness allows an attacker, particularly an admin within the Sylius platform, to inject malicious code into fields displayed in a grid. The injected code is executed when the object's __toString() method returns it, potentially leading to unauthorized actions and data manipulation.
CVSS V3.1
Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved