16 matches found
EUVD-2023-2904
Malicious code in bioql PyPI...
BIT-SYMFONY-2023-46735
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in WebhookController returns unescaped user-submitted input. As of version 6.3.8, WebhookController now doesn't return any...
Cross-Site-Scripting (XSS)
Symfony is vulnerable to cross-site scripting (XSS). The vulnerability is due to a lack of validation in WebhookController: its error message returns unescaped user-submitted input. An attacker can potentially trick a victim into clicking a link which will execute arbitrary...
GHSA-72X2-5C85-6WMR Symfony potential Cross-site Scripting in WebhookController
Description: The error message in WebhookController returns unescaped user-submitted input. Resolution: WebhookController now doesn't return any user-submitted input in its response. The patch for this issue is available here for branch 6.3. Credits: We would like to thank Maxime Aknin for reporting...
Symfony potential Cross-site Scripting in WebhookController
Description: The error message in WebhookController returns unescaped user-submitted input. Resolution: WebhookController now doesn't return any user-submitted input in its response. The patch for this issue is available here for branch 6.3. Credits: We would like to thank Maxime Aknin for reporting...
CVE-2023-46735
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in WebhookController returns unescaped user-submitted input. As of version 6.3.8, WebhookController now doesn't return any...
CVE-2023-46735
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in WebhookController returns unescaped user-submitted input. As of version 6.3.8, WebhookController now doesn't return any...
Input validation
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in WebhookController returns unescaped user-submitted input. As of version 6.3.8, WebhookController now doesn't return any...
CVE-2023-46735
CVE-2023-46735 concerns the Symfony PHP framework. From version 6.0.0 up to, but not including, 6.3.8, the error message in WebhookController exposed unescaped user-submitted input in responses. As of 6.3.8, Symfony’s WebhookController no longer returns any user-submitted input in its response, m...
CVE-2023-46735
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in WebhookController returns unescaped user-submitted input. As of version 6.3.8, WebhookController now doesn't return any...
CVE-2023-46735 Symfony potential Cross-site Scripting in WebhookController
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in WebhookController returns unescaped user-submitted input. As of version 6.3.8, WebhookController now doesn't return any...
CVE-2023-46735 Symfony potential Cross-site Scripting in WebhookController
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in WebhookController returns unescaped user-submitted input. As of version 6.3.8, WebhookController now doesn't return any...
CVE-2023-46735 Symfony potential Cross-site Scripting in WebhookController
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in WebhookController returns unescaped user-submitted input. As of version 6.3.8, WebhookController now doesn't return any...
CVE-2023-46735: Potential XSS in WebhookController
More info at https://symfony.com/cve-2023-46735...
CVE-2023-46735: Potential XSS in WebhookController
More info at https://symfony.com/cve-2023-46735...
CVE-2023-46733: Potential XSS in WebhookController
More info at https://symfony.com/cve-2023-46733...