Anonymity in Blockchain: Balancing Privacy and Security

CVE-2021-3841

5.4MEDIUM

Key Information

Vendor: Sylius
Status: Sylius/sylius
Vendor: CVE Published:; 15 November 2024

Summary

sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser.

Affected Version(s)

sylius/sylius < 1.9.10, 1.10.11, 1.11.2

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Risk change from: 5.4 to: 4.1 - (MEDIUM)
Nov 20, 2024
Risk change from: null to: 4.1 - (MEDIUM)
Nov 15, 2024
Vulnerability published.
Nov 15, 2024
Vulnerability Reserved.
Sep 30, 2021

Collectors

NVD DatabaseMitre Database