7 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-46640
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Twig: Arbitrary PHP code execution via self. macro-reference compilation CVE-2026-46640 Note that Nessus relies on the presence of the package as reported by th...
Cross-Site Scripting (XSS)
damienharper/auditor-bundle is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to failing to properly escape the %source_label% in the Twig macro, allowing malicious script tags to be injected and executed within the application...
CVE-2024-45592
CVE-2024-45592 affects auditor-bundle (formerly DoctrineAuditBundle) used with Symfony 3.4+. The root cause is an unescaped %source_label% in the Twig macro, permitting JavaScript injection and execution. Evidence across sources confirms this XSS vector and that patches are available in versions ...
CVE-2024-45592 auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped
auditor-bundle, formerly known as DoctrineAuditBundle, integrates the auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling JavaScript injection. This is possible because %source_label% in the Twig macro is not escaped. Therefore script...
CVE-2024-45592 auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped
auditor-bundle, formerly known as DoctrineAuditBundle, integrates the auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling JavaScript injection. This is possible because %source_label% in the Twig macro is not escaped. Therefore script...
GHSA-78VG-7V27-HJ67 auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped
Summary: Unescaped entity property enables JavaScript injection. Details: I think this is possible because %source_label% in Twig macro is not escaped. Therefore script tags can be inserted and are executed. PoC: - clone example project https://github.com/DamienHarper/auditor-bundle-demo - create...
auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped
Summary: Unescaped entity property enables JavaScript injection. Details: I think this is possible because %source_label% in Twig macro is not escaped. Therefore script tags can be inserted and are executed. PoC: - clone example project https://github.com/DamienHarper/auditor-bundle-demo - create...