2 matches found
PT-2023-24213 · Craft · Craft
Name of the Vulnerable Software and Affected Versions: Craft versions prior to 4.4.7 Description: Cross-site scripting XSS can be triggered by review volumes. The issue is related to the index.php?p=admin/actions/asset-indexes/process-indexing-session function, where the skippedEntries and...
PT-2020-18365 · Symfony · Symfony Security Http
Name of the Vulnerable Software and Affected Versions: symfony/security-http versions 4.4.0 through 4.4.6 symfony/security-http versions 5.0.0 through 5.0.6 Description: The issue arises when a Firewall checks access control rules using the unanimous strategy. In affected versions, the Firewall...