2 matches found
PT-2019-16071 · Symfony +1 · Symfony Webprofiler +1
Name of the Vulnerable Software and Affected Versions: Bolt version 3.7.0
Description: The issue allows for XSS because unsanitized search input is shown on the profiler page when Symfony Web Profiler is used. It is noted that this issue is disputed as profiling was never intended for use in...
PT-2018-10962 · Sensiolabs · Symfony
Name of the Vulnerable Software and Affected Versions: SensioLabs Symfony version 3.3.6
Description: A reflected cross-site scripting (XSS) issue exists in the web profiler, allowing remote attackers to inject arbitrary web script or HTML via the file parameter in a profiler/open?file= URI. The...