27 matches found
Cross-site Scripting (XSS)
Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the CodeExtension::fileExcerpt function in WebProfiler. An attacker can execute arbitrary JavaScript code in the...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the CodeExtension::fileExcerpt function in WebProfiler. An attacker can execute arbitrary JavaScript code in the context of affected users by sending a specially crafted non-PHP file with \n that avoids HTM...
CVE-2019-20058
Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040...
GHSA-V35G-4RRW-H4FW Symfony Cross-Site Request Forgery vulnerability in the Web Profiler
All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony WebProfiler bundle are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not maintained anymore...
PT-2024-10559 · Symfony · Symfony Webprofiler
Name of the Vulnerable Software and Affected Versions: Symfony WebProfiler bundle versions 2.0.X through 2.5.X Description: The Symfony Web Profiler, a development tool, should not be enabled on production servers due to the sensitive information it provides about a Symfony project. If enabled in...
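A quick external check for the condition these entries describe (a Web Profiler still reachable on a production host), as an added example that is not code from Symfony, Bolt or any advisory listed here. It assumes Symfony's default /_profiler route prefix; the probe paths, the page-marker strings and the canary value are assumptions chosen for illustration, and the fetch function is pluggable so the check also runs offline against constructed responses.

```python
"""Probe a deployment for an exposed Symfony Web Profiler.

Added example for this listing; not code from Symfony, Bolt or any of the
advisories above. Assumptions: Symfony's default profiler route prefix is
/_profiler, and the search?search= and open?file= endpoints named above live
under it. The fetch function is pluggable so the check runs offline too.
"""
from __future__ import annotations

import html
import sys
import urllib.error
import urllib.request
from typing import Callable, Dict, Tuple
from urllib.parse import quote

# Probe set (assumption): the profiler index plus the two endpoints named in
# the CVE-2018-12040 and CVE-2019-20058 entries.
PROBE_PATHS = (
    "/_profiler/",
    "/_profiler/search?limit=10",
    "/_profiler/open?file=src/Kernel.php",
)

# Strings a served profiler page is expected to contain (assumption, not a
# guaranteed fingerprint; tune for the Symfony version in use).
PROFILER_MARKERS = ("Symfony Profiler", "sf-toolbar", "_profiler")

# Reflection canary: characters that must be HTML-escaped if echoed back.
CANARY = 'pfchk<"x">'

FetchFn = Callable[[str], Tuple[int, str]]


def default_fetch(url: str, timeout: float = 5.0) -> Tuple[int, str]:
    """GET url and return (status, first 4 KiB of body); status 0 = unreachable."""
    req = urllib.request.Request(url, headers={"User-Agent": "profiler-check/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return exc.code, exc.read(4096).decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):
        return 0, ""


def classify(status: int, body: str) -> str:
    """Map one probe response to exposed / blocked / absent / unreachable / unknown."""
    if status == 0:
        return "unreachable"
    if status in (401, 403):
        return "blocked"      # e.g. an access_control rule or a web-server ACL
    if status == 404:
        return "absent"       # route not registered: the bundle is not loaded
    if status == 200 and any(m in body for m in PROFILER_MARKERS):
        return "exposed"
    return "unknown"


def check_profiler(base_url: str, fetch: FetchFn = default_fetch) -> Dict[str, str]:
    """Run every probe against base_url and return {path: classification}."""
    base = base_url.rstrip("/")
    return {path: classify(*fetch(base + path)) for path in PROBE_PATHS}


def is_exposed(results: Dict[str, str]) -> bool:
    return any(v == "exposed" for v in results.values())


def reflection_probe(base_url: str, fetch: FetchFn = default_fetch) -> str:
    """Send the canary through open?file= and report how it comes back.

    'reflected-unescaped' is the CVE-2018-12040 class of behaviour; a page
    that escapes its output yields 'reflected-escaped' or 'not-reflected'.
    """
    url = base_url.rstrip("/") + "/_profiler/open?file=" + quote(CANARY, safe="")
    status, body = fetch(url)
    if status != 200:
        return "not-reflected"
    if CANARY in body:
        return "reflected-unescaped"
    if html.escape(CANARY) in body:
        return "reflected-escaped"
    return "not-reflected"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:8000"
    findings = check_profiler(target)
    for path, verdict in findings.items():
        print(f"{verdict:12s} {target}{path}")
    if is_exposed(findings):
        print("reflection:", reflection_probe(target))
        sys.exit(1)
```

Run it as `python profiler_check.py https://host`; it exits non-zero when the profiler index answers, and only then tries the reflection canary. "blocked" means something in front of the route denies it, which is a mitigation but not the fix; the fix is not loading WebProfilerBundle outside the dev environment at all.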
Design/Logic Flaw
DISPUTED Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040...
CVE-2019-20058
CVE-2019-20058 affects Bolt 3.7.0 when the Symfony Web Profiler is enabled. The issue is an XSS vulnerability caused by unsanitized input (search?search=) being reflected on the profiler page; the vulnerability is disputed since the profiler is not intended for production use. Related to CVE-2018...
PT-2019-16071 · Symfony +1 · Symfony Webprofiler +1
Name of the Vulnerable Software and Affected Versions: Bolt version 3.7.0 Description: The issue allows for XSS because unsanitized search input is shown on the profiler page when Symfony Web Profiler is used. It is noted that this issue is disputed as profiling was never intended for use in...
Sensio Labs Symfony Web profiler Cross-Site Scripting Vulnerability
Symfony is a free, MVC-based PHP development framework from the French company Sensio Labs. It provides commonly used functional components and tools and can be used to quickly build complex web applications. The Web Profiler is Symfony's development-time profiling and debugging component. A cross-sit...
DEBIAN-CVE-2018-12040
Reflected Cross-site Scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka a profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should...
CVE-2018-12040
Reflected Cross-site Scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka a profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should...
Cross site scripting
DISPUTED Reflected Cross-site Scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka a profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool th...
UBUNTU-CVE-2018-12040
DISPUTED Reflected Cross-site Scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka a profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool th...