CVE-2019-12186 sylius/grid-bundle

Package

Manager: composer
Name: sylius/grid-bundle
Vulnerable Version: >=1.0.0 <1.1.19 || >=1.2.0 <1.2.18 || >=1.3.0 <1.3.13 || >=1.4.0 <1.4.5 || >=1.5.0 <1.5.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00351 (percentile: 0.56853)

Details

XSS injection in the Grid component of Sylius. The Grid component of Sylius omits HTML input sanitisation while rendering an object implementing the __toString() method through the string field type.

Metadata

Created: 2020-04-15T21:07:59Z
Modified: 2024-02-26T12:35:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/04/GHSA-rc5r-697f-28x6/GHSA-rc5r-697f-28x6.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-rc5r-697f-28x6
Finding: F008
Auto approve: 1