CVE-2026-31823 | Sylius up to 2.0.15/2.1.11/2.2.2 breadcrumbs.html.twig rowRenderer label cross site scripting (GHSA-mx4q-xxc9-pf5q)

A vulnerability was found in Sylius up to 2.0.15/2.1.11/2.2.2. It has been declared as problematic. This impacts the function rowRenderer of the file shared/breadcrumbs.html.twig. Such manipulation of the argument label leads to cross site scripting.

This vulnerability is documented as CVE-2026-31823. The attack can be executed remotely. There is not any exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More