Loading
sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser.
Use CWE-79, Sylius vendor hub and Sylius product page to widen CVE-2021-3841 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2026-31824, CVE-2024-57610 and CVE-2026-31820 for nearby disclosures in the same product family.