6 matches found
CVE-2026-8139 Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName
Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectionAliasExternal bypasses being sanitized. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with...
CVE-2026-8139
Concrete CMS versions 9.5.0 and earlier are vulnerable to stored XSS on the external-link page cvName due to updateCollectionAliasExternal bypassing sanitization. The issue is triggered by the sanitize bypass in updateCollectionAliasExternal, enabling stored scripts delivered to users. Affected p...
CVE-2026-8139 Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName
Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectionAliasExternal bypasses being sanitized. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with...
PT-2026-44149
Name of the Vulnerable Software and Affected Versions Symfony versions prior to 5.4 Description The SymfonyComponentYamlParser resolves YAML aliases during parsing. Aliases referencing collections, such as arrays, stdClass, or TaggedValue-wrapped collections, can point to other collections...
CVE-2026-45304: YAML Parser Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")
More info at https://symfony.com/cve-2026-45304...
CVE-2026-45304: YAML Parser Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")
More info at https://symfony.com/cve-2026-45304...