Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the CodeExtension::fileExcerpt function in WebProfiler. An attacker can execute arbitrary JavaScript code in the context of affected users by sending specially crafted non-PHP files with \n that avoids HTM...
CVE-2026-45072: Stored XSS in WebProfiler CodeExtension::fileExcerpt(): Unescaped Non-PHP File Rendering
More info at https://symfony.com/cve-2026-45072...
Cross Site Scripting (XSS)
symfony/symfony is vulnerable to Cross-Site Scripting (XSS). The vulnerability arises from the use of unsafe filters in the getFilters method: CodeExtension marks them is_safe=html but fails to ensure the input is safe. An attacker can execute an XSS attack due to this misconfiguration...
GHSA-Q847-2Q57-WMR3 Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Description: Some Twig filters in CodeExtension use "is_safe=html" but don't actually ensure their input is safe. Resolution: Symfony now escapes the output of the affected filters. The patch for this issue is available here for branch 4.4. Credits: We would like to thank Pierre Rudloff for reporting...
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Description: Some Twig filters in CodeExtension use "is_safe=html" but don't actually ensure their input is safe. Resolution: Symfony now escapes the output of the affected filters. The patch for this issue is available here for branch 4.4. Credits: We would like to thank Pierre Rudloff for reporting...
DEBIAN-CVE-2023-46734
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use is_safe=html but don't actually ensure their input is safe. As of...
CVE-2023-46734
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use is_safe=html but don't actually ensure their input is safe. As of...
UBUNTU-CVE-2023-46734
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use is_safe=html but don't actually ensure their input is safe. As of...
CVE-2023-46734: Potential XSS vulnerabilities in CodeExtension filters
Affected versions: Symfony versions >=2.0.0,<4.4.51, >=5.0.0,<5.4.31, and >=6.0.0,<6.3.8 of the Symfony Twig Bridge are affected by this security issue. The issue has been fixed in Symfony 4.4.51, 5.4.31, and 6.3.8. All other versions are not maintained anymore. Description: Some filters in the CodeExtension...
CVE-2023-46734: Potential XSS vulnerabilities in CodeExtension filters
More info at https://symfony.com/cve-2023-46734...