E-Commerce
Sylius/Sylius
Headless open-source eCommerce platform on top of PHP/Symfony/API Platform
#sylius #php #symfony #ecommerce #ecommerce-platform #shop #shopping-cart #framework #symfony-bundle #headless #headless-ecommerce #api #rest-api #restful-api #api-ecommerce #hacktoberfest
Score: 90 / 100
Star: 8,470
Fork: 2,159
Open Issue: 170
Size: 353MB
Language: PHP ★
Last push: 0 days ago
Docker: 🐳 compose ★
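Scoring breakdown
Past CVEs: 18 (somewhat many)
✓ Most recent push: 0 days ago
✓ Preferred language (PHP)
✓ Open issues: 170
✓ Large (353MB)
— Docker support (compose)
✓ 1k–10k: best for beginners (★8,470)
✓ ※ See "Scoring rules" for the weight of each item. The total is floored at 0.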
Past security advisories (18)
- Promotion Usage Limit Bypass via Race Condition
- DQL Injection via API Order Filters
- Authenticated Stored XSS
- XSS vulnerability in checkout login form
- Missing Authorization in API v2 Add Item Endpoint
- IDOR in Cart and Checkout LiveComponents
- Open Redirect via Referer Header
- Ability to retrieve Adjustments with an incremental integer ID in an API endpoint
- Potential Cross Site Scripting (XSS) via the "Name" field (Taxons, Products, Options, Variants) in the Admin Panel
- Potential Cross Site Scripting (XSS) via the "Province" field in the Checkout and Address Book
- Exposure of sensitive information by using the back button after logging out in sylius/sylius
- Missing HTTP headers to avoid login forms clickjacking
- Improper sanitize of SVG files during content upload ('Cross-site Scripting') in Sylius/Sylius
- Reset password token not set to null after reset password
- List of order ids, number, items total and token value exposed for unauthorized uses via new API
- Ability to switch customer email address on account detail page and stay verified
- Ability to switch channels via GET parameter enabled in production environments
- Internal exception message exposure for login action