XSS in Sylius
CVE-2026-31822
Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting (XSS) vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFai…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.001 (16.3th percentile) — read the EPSS interpretation.
Affected products
- Sylius — versions >= 2.2.0, < 2.2.3, >= 2.1.0, < 2.1.12, >= 2.0.0, < 2.0.16
Weakness classification (CWE)
References
- https://github.com/Sylius/Sylius/security/advisories/GHSA-vgh8-c6fp-7gcg (x_refsource_CONFIRM)