Lucene search
MitreCVELIST:CVE-2018-12040HistoryJun 13, 2018 - 10:00 p.m.
CVE-2018-12040
2018-06-1322:00:00
mitre
www.cve.org
0.002 Low
EPSS
Percentile
55.3%
Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the “file” parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS … is in the web profiler, a tool that should never be deployed in production (so, we don’t handle those issues as security issues).
Related
nvd
nvd
CVE-2018-12040
2018-06-13 22:29:00
CVE-2019-20058
2019-12-29 19:15:11
cve
cve
CVE-2018-12040
2018-06-13 22:29:00
CVE-2019-20058
2019-12-29 19:15:11
packetstorm
packetstorm
SensioLabs Symfony 3.3.6 Cross Site Scripting
2018-06-09 00:00:00
ubuntucve
ubuntucve
CVE-2018-12040
2018-06-13 00:00:00
prion
prion
Cross site scripting
2018-06-13 22:29:00
Design/Logic Flaw
2019-12-29 19:15:00
debiancve
debiancve
CVE-2018-12040
2018-06-13 22:29:00
cvelist
cvelist
CVE-2019-20058
2019-12-29 18:50:50