13 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-10909
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead...
PT-2024-10554 · Symfony · Symfony Frameworkbundle
Name of the Vulnerable Software and Affected Versions: Symfony FrameworkBundle affected versions not specified Description: A code injection issue was found in the way Symfony implements translation caching in FrameworkBundle. The issue arises when using the Symfony translation system and not...
CVE-2024-21665 Pimcore Ecommerce Framework Bundle Improper Access Control allows unprivileged user to access back-office orders list
ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in...
Pimcore Security Vulnerability
Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, ecommerce framework and product information management applications. A security vulnerability exists in Pimcore...
CSV Injection
pimcore/customer-management-framework-bundle is vulnerable to CSV Injection. The vulnerability exists because the getExportData function of AbstractExporter.php does not properly escape CSV records in the Firstname, Lastname, Street, Zip & City input fields, which allows an attacker to inject and...
The vulnerability of the message validation function in symfony/framework-bundle of the Symfony software development and web application management platform lies in the lack of measures to protect website structures, allowing attackers to carry out XSS attacks.
The vulnerability of the message validation function in symfony/framework-bundle of the Symfony software development and web application management platform is related to the lack of measures to protect website structures. Exploiting this vulnerability could allow a malicious actor to execute XSS...
GHSA-G996-Q5R8-W7G2 Symfony Cross-site Scripting (XSS) vulnerability
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle...
Input validation
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle...
UBUNTU-CVE-2019-10909
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle...
CVE-2019-10909
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle...
CVE-2019-10909
The CVE affects Symfony framework-bundle: 2.x up to 2.7.51, 2.8.x up to 2.8.50, 3.x up to 3.4.26, 4.x up to 4.1.12, and 4.2.x up to 4.2.7. Root cause: validation messages are not escaped in the PHP templating engine, enabling XSS when user input is included. Impact: cross-site scripting in applic...
CVE-2019-10909
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle...
CVE-2019-10909: Escape validation messages in the PHP templating engine
Affected versions Symfony 2.7.0 to 2.7.50, 2.8.0 to 2.8.49, 3.4.0 to 3.4.25, 4.1.0 to 4.1.11 and 4.2.0 to 4.2.6 versions of Symfony Framework Bundle templating are affected by this security issue. The issue has been fixed in Symfony 2.7.51, 2.8.50, 3.4.26, 4.1.12 and 4.2.7. Note that no fixes are...