Lucene search

CVE-2024-37156 TokenController formName not sanitized in hidden input

🗓️ 06 Jun 2024 16:46:03Reported by GitHub_MType

TokenController parameter not sanitized in SuluFormBundle

Reporter	Title	Published	Views	Family All 7
Vulnrichment	CVE-2024-37156 TokenController formName not sanitized in hidden input	6 Jun 202416:03	–	vulnrichment
CVE	CVE-2024-37156	6 Jun 202416:15	–	cve
OSV	GHSA-RRVC-C7XG-7CF3 TokenController formName not sanitized in hidden input	6 Jun 202421:36	–	osv
OSV	CVE-2024-37156	6 Jun 202416:15	–	osv
Github Security Blog	TokenController formName not sanitized in hidden input	6 Jun 202421:36	–	github
NVD	CVE-2024-37156	6 Jun 202416:15	–	nvd
Veracode	Cross Site Scripting (XSS)	11 Jun 202406:43	–	veracode

[
  {
    "vendor": "sulu",
    "product": "SuluFormBundle",
    "versions": [
      {
        "version": ">=2.0.0, < 2.5.3",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/sulu/SuluFormBundle/commit/3f341b71a7309cbc8fd2c5bff894c654d1679b17
github	www.github.com/sulu/SuluFormBundle/security/advisories/GHSA-rrvc-c7xg-7cf3

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

06 Jun 2024 16:03Current

CVSS36.1

EPSS0.00379