6 matches found
Session Hijacking
friendsofsymfony/user-bundle is vulnerable to session hijacking. The vulnerability is due to inadequate session management, which could allow an attacker to take over a users session...
Cross Site Scripting (XSS)
friendsofsymfony/rest-bundle is vulnerable to Cross Site Scripting XSS. The vulnerability is due to incorrect jsonp validation due to sanitizing the callback query param name rather than its value, which allows potentially malicious callback values to be processed, leading to Cross Site Scriping...
GHSA-XM3X-4PH3-3X9C friendsofsymfony/oauth2-php open redirection in oauth
An open redirection vulnerability has been identified in the friendsofsymfony/oauth2-php library, which could potentially expose users to unauthorized redirects during the OAuth authentication process. This vulnerability has been addressed by implementing an exact check for the domain and port,...
FriendsOfSymfony FOSUserBundle denial of service via login form
The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service CPU consumption via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation...
CVE-2013-5750
The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service CPU consumption via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation...
Design/Logic Flaw
The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service CPU consumption via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation...