CVE-2024-29376

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-29376

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-29376.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-29376

Aliases

GHSA-7prj-9ccr-hr3q

Published

2024-04-22T19:15:46.560Z

Modified

2026-04-10T05:11:51.493142Z

Severity

6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the "Province" field in Address Book.

References

https://github.com/r2tunes/Reports/blob/main/Sylius.md

Affected packages

Git / github.com/sylius/sylius

Affected ranges

Type

GIT

Repo

https://github.com/sylius/sylius

Events

Introduced

Last affected

26f9e3dd144035d823b165a78e659dcd34a7bd19

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.12.13"
        }
    ]
}

Affected versions

v0.*

v0.1.0

v0.10.0

v0.11.0

v0.12.0

v0.13.0

v0.14.0

v0.15.0

v0.16.0

v0.17.0

v0.18.0

v0.19.0

v0.5.0

v0.6.0

v0.7.0

v0.8.0

v0.9.0

v1.*

v1.0.0

v1.0.0-alpha.1

v1.0.0-alpha.2

v1.0.0-beta.1

v1.0.0-beta.2

v1.0.0-beta.3

v1.0.0-rc.1

v1.0.0-rc.2

v1.10.0-ALPHA.1

v1.12.0

v1.12.0-ALPHA.1

v1.12.0-ALPHA.2

v1.12.0-BETA.1

v1.12.0-RC.1

v1.12.1

v1.12.10

v1.12.11

v1.12.12

v1.12.13

v1.12.2

v1.12.3

v1.12.4

v1.12.5

v1.12.6

v1.12.7

v1.12.8

v1.12.9

v1.2.0-BETA

v1.4.0-BETA.1

v1.6.0-ALPHA.1

v1.6.0-ALPHA.2

v1.7.0-ALPHA.1

v1.7.0-ALPHA.2

v1.9.0-ALPHA.1

v1.9.0-ALPHA.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-29376.json"