CVE-2024-37156

🗓️ 06 Jun 2024 16:13:15Reported by GitHub_MType

SuluFormBundle dynamic form XSS vulnerability fixed in 2.5.3

Reporter	Title	Published	Views	Family All 7
Vulnrichment	CVE-2024-37156 TokenController formName not sanitized in hidden input	6 Jun 202416:03	–	vulnrichment
OSV	GHSA-RRVC-C7XG-7CF3 TokenController formName not sanitized in hidden input	6 Jun 202421:36	–	osv
OSV	CVE-2024-37156	6 Jun 202416:15	–	osv
Cvelist	CVE-2024-37156 TokenController formName not sanitized in hidden input	6 Jun 202416:03	–	cvelist
Github Security Blog	TokenController formName not sanitized in hidden input	6 Jun 202421:36	–	github
NVD	CVE-2024-37156	6 Jun 202416:15	–	nvd
Veracode	Cross Site Scripting (XSS)	11 Jun 202406:43	–	veracode

Nvd

Vulners

Node

sulu suluformbundleRange2.0.0–2.5.3

[
  {
    "vendor": "sulu",
    "product": "SuluFormBundle",
    "versions": [
      {
        "version": ">=2.0.0, < 2.5.3",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/sulu/SuluFormBundle/commit/3f341b71a7309cbc8fd2c5bff894c654d1679b17
github	www.github.com/sulu/SuluFormBundle/security/advisories/GHSA-rrvc-c7xg-7cf3

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

06 Jun 2024 16:15Current

6Medium risk

Vulners AI Score6

CVSS36.1

EPSS0.00046

SSVC

suluformbundle dynamic forms admin xss vulnerability