2 matches found
CVE-2024-45592
auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling Javascript injection. This is possible because %sourcelabel% in twig macro is not escaped. Therefore script...
CVE-2024-45592
CVE-2024-45592 affects auditor-bundle (formerly DoctrineAuditBundle) used with Symfony 3.4+. The root cause is an unescaped %source_label% in the Twig macro, permitting Javascript injection and execution. Evidence across sources confirms this XSS vector and that patches are available in versions ...