PT-2024-27340 · Unknown +1 · Suluformbundle +1

🗓️ 06 Jun 2024 00:00:00Reported by Positive TechnologiesType

ptsecurity

ptsecurity🔗 dbugs.ptsecurity.com👁 2 Views

SuluFormBundle XSS in TokenController formName parameter; upgrade to 2.5.3.

Reporter	Title	Published	Views	Family All 11
CNNVD	SuluFormBundle Security Vulnerability	6 Jun 202400:00	–	cnnvd
CVE	CVE-2024-37156	6 Jun 202416:03	–	cve
Cvelist	CVE-2024-37156 TokenController formName not sanitized in hidden input	6 Jun 202416:03	–	cvelist
EUVD	EUVD-2024-2163	3 Oct 202520:07	–	euvd
Github Security Blog	TokenController formName not sanitized in hidden input	6 Jun 202421:36	–	github
NVD	CVE-2024-37156	6 Jun 202416:15	–	nvd
OSV	CVE-2024-37156 TokenController formName not sanitized in hidden input	6 Jun 202416:03	–	osv
OSV	GHSA-RRVC-C7XG-7CF3 TokenController formName not sanitized in hidden input	6 Jun 202421:36	–	osv
RedhatCVE	CVE-2024-37156	23 May 202507:42	–	redhatcve
Veracode	Cross Site Scripting (XSS)	11 Jun 202406:43	–	veracode

Source	Link
github	www.github.com/sulu/SuluFormBundle/security/advisories/GHSA-rrvc-c7xg-7cf3
github	www.github.com/sulu/SuluFormBundle/commit/3f341b71a7309cbc8fd2c5bff894c654d1679b17
osv	www.osv.dev/vulnerability/CVE-2024-37156
osv	www.osv.dev/vulnerability/GHSA-rrvc-c7xg-7cf3
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-37156
github	www.github.com/sulu/SuluFormBundle
twitter	www.twitter.com/VulmonFeeds/status/1798787517228970436
t	www.t.me/cvenotify/97629
t	www.t.me/cvenotify/82295
twitter	www.twitter.com/linuxpatch/status/1798764333188407388

09 Oct 2024 00:00Current

7.4High risk

Vulners AI Score7.4

CVSS 3.16.1

EPSS0.0087

SSVC

SuluFormBundle TokenController formName parameter cross site scripting version 2.5.3