This advisory has been withdrawn because it is a duplicate of GHSA-7prj-9ccr-hr3q. This link is maintained to preserve external references.
Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the "Province" field in Address Book.