CVE-2019-12186
Descriptions
An issue was discovered in Sylius products. Missing input sanitization in sylius/sylius 1.0.x through 1.0.18, 1.1.x through 1.1.17, 1.2.x through 1.2.16, 1.3.x through 1.3.11, and 1.4.x through 1.4.3 and sylius/grid 1.0.x through 1.0.18, 1.1.x through 1.1.18, 1.2.x through 1.2.17, 1.3.x through 1.3.12, 1.4.x through 1.4.4, and 1.5.0 allows an attacker (an admin in the sylius/sylius case) to perform XSS by injecting malicious code into a field displayed in a grid with the "string" field type. The field's value is an object rather than a plain string, and the markup returned by that object's __toString() method is rendered into the page without escaping.
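To make the mechanism concrete, here is an added example (not Sylius or sylius/grid code; the class and function names are assumptions for illustration): a minimal stand-in for a grid "string" field renderer in its unsafe and hardened forms, fed a value object whose __toString() carries attacker-supplied markup.

```php
<?php
declare(strict_types=1);

// Added example, not project code. A minimal stand-in for a grid "string"
// field renderer; class and function names are illustrative assumptions.

// Constructed value object: the grid cell's data is an object, not a plain
// string, and its __toString() returns whatever was stored in the field.
final class CustomerName
{
    public function __construct(private string $raw) {}

    public function __toString(): string
    {
        return $this->raw;
    }
}

// Unsafe: the object is cast to string and returned as-is. A grid template
// that prints field-type output directly (because other field types emit
// real HTML) puts this markup into the page unescaped.
function renderStringFieldUnsafe(mixed $value): string
{
    return (string) $value;
}

// Hardened: stringify first, then HTML-escape the result before it reaches
// the template. Quotes are escaped too so the value is safe in attributes.
function renderStringFieldSafe(mixed $value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed payload: a value written into a field that an admin later
// views in a grid (in sylius/sylius the advisory says the writer is an
// admin; in a custom sylius/grid integration it is whoever can write data).
$payload = new CustomerName('<img src=x onerror="alert(document.cookie)">');

echo "unsafe: " . renderStringFieldUnsafe($payload) . PHP_EOL;
echo "safe:   " . renderStringFieldSafe($payload) . PHP_EOL;
```

Run it with PHP 8.x: the unsafe line prints the raw tag, the hardened line prints it entity-encoded. Escaping has to happen at or before the point where the object is turned into a string, because once a field type returns HTML the grid template has no way to tell safe markup from injected markup. The encoding is also context-specific; a value placed into a JavaScript or URL context needs a different encoder than htmlspecialchars.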
Timeline
- 2019-05-19 CVE Reserved
- 2019-12-31 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (1)
URL | Date
---|---
https://sylius.com/blog/cve-2019-12186 | 2020-01-08
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status
---|---|---|---
Sylius | Grid | >= 1.0.0 <= 1.0.18 | Affected
Sylius | Grid | >= 1.1.0 <= 1.1.18 | Affected
Sylius | Grid | >= 1.2.0 <= 1.2.17 | Affected
Sylius | Grid | >= 1.3.0 <= 1.3.12 | Affected
Sylius | Grid | >= 1.4.0 <= 1.4.4 | Affected
Sylius | Grid | 1.5.0 | Affected
Sylius | Sylius | >= 1.0.0 <= 1.0.18 | Affected
Sylius | Sylius | >= 1.1.0 <= 1.1.17 | Affected
Sylius | Sylius | >= 1.2.0 <= 1.2.16 | Affected
Sylius | Sylius | >= 1.3.0 <= 1.3.11 | Affected
Sylius | Sylius | >= 1.4.0 <= 1.4.3 | Affected
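A practical check against the ranges above: the following added example (not Sylius tooling; the composer.lock excerpt is constructed for the demo) reads the versions pinned in a composer.lock and reports any sylius/sylius or sylius/grid entry that falls inside an affected range.

```php
<?php
declare(strict_types=1);

// Added example, not project code. Affected ranges are transcribed from the
// table above; the composer.lock content further down is constructed.

const AFFECTED = [
    'sylius/sylius' => [
        ['1.0.0', '1.0.18'], ['1.1.0', '1.1.17'], ['1.2.0', '1.2.16'],
        ['1.3.0', '1.3.11'], ['1.4.0', '1.4.3'],
    ],
    'sylius/grid' => [
        ['1.0.0', '1.0.18'], ['1.1.0', '1.1.18'], ['1.2.0', '1.2.17'],
        ['1.3.0', '1.3.12'], ['1.4.0', '1.4.4'], ['1.5.0', '1.5.0'],
    ],
];

// Composer records tagged releases as "v1.4.3" or "1.4.3"; strip the prefix
// so version_compare() sees plain numeric versions.
function normalizeVersion(string $version): string
{
    return ltrim($version, 'v');
}

// True when $version lies inside any listed [low, high] range for $package.
function isAffected(string $package, string $version): bool
{
    if (!isset(AFFECTED[$package])) {
        return false;
    }
    $v = normalizeVersion($version);
    foreach (AFFECTED[$package] as [$low, $high]) {
        if (version_compare($v, $low, '>=') && version_compare($v, $high, '<=')) {
            return true;
        }
    }
    return false;
}

// Walk both "packages" and "packages-dev" and return "name version" hits.
function findAffectedInLock(string $lockJson): array
{
    $lock = json_decode($lockJson, true, 512, JSON_THROW_ON_ERROR);
    $hits = [];
    foreach (['packages', 'packages-dev'] as $section) {
        foreach ($lock[$section] ?? [] as $pkg) {
            if (isAffected($pkg['name'], $pkg['version'])) {
                $hits[] = $pkg['name'] . ' ' . $pkg['version'];
            }
        }
    }
    return $hits;
}

// Constructed composer.lock excerpt (not from a real project).
$lock = <<<'JSON'
{"packages":[
  {"name":"sylius/sylius","version":"v1.4.3"},
  {"name":"sylius/grid","version":"v1.4.4"},
  {"name":"twig/twig","version":"v2.11.3"}
],"packages-dev":[]}
JSON;

foreach (findAffectedInLock($lock) as $hit) {
    echo "AFFECTED by CVE-2019-12186: {$hit}" . PHP_EOL;
}
```

Point it at a real lock file with file_get_contents('composer.lock') in place of the heredoc. Branch installs such as dev-master carry no comparable version and will never match, so they have to be checked by commit against the vendor's advisory; and because sylius/sylius pulls in sylius/grid, both packages need to clear their respective ranges, not just the top-level one.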