Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:16 a.m.9 views

CVE-2019-20058

Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040...

6.1CVSS5.9AI score0.01315EPSS
Exploits3References1
OSV
OSV
added 2019/12/29 7:15 p.m.8 views

CVE-2019-20058

Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040...

6.1CVSS5.9AI score
Exploits0References1
NVD
NVD
added 2019/12/29 7:15 p.m.22 views

CVE-2019-20058

Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040...

6.1CVSS5.9AI score0.007EPSS
Exploits1References1
Prion
Prion
added 2019/12/29 7:15 p.m.24 views

Design/Logic Flaw

DISPUTED Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040...

4.3CVSS5.9AI score0.01315EPSS
Exploits3References1Affected Software1
CVE
CVE
added 2019/12/29 6:50 p.m.98 views

CVE-2019-20058

CVE-2019-20058 affects Bolt 3.7.0 when the Symfony Web Profiler is enabled. The issue is an XSS vulnerability caused by unsanitized input (search?search=) being reflected on the profiler page; the vulnerability is disputed since the profiler is not intended for production use. Related to CVE-2018...

6.1CVSS5.8AI score0.007EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/12/29 6:50 p.m.24 views

CVE-2019-20058

Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040...

6AI score0.007EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2019/12/29 12:0 a.m.4 views

PT-2019-16071 · Symfony +1 · Symfony Webprofiler +1

Name of the Vulnerable Software and Affected Versions: Bolt version 3.7.0 Description: The issue allows for XSS because unsanitized search input is shown on the profiler page when Symfony Web Profiler is used. It is noted that this issue is disputed as profiling was never intended for use in...

6.1CVSS6.2AI score0.007EPSS
Exploits1References3
NVD
NVD
added 2018/06/13 10:29 p.m.24 views

CVE-2018-12040

Reflected Cross-site scripting XSS vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should...

6.1CVSS6AI score0.01315EPSS
Exploits2References2
Rows per page
Query Builder