Class-Name Injection

Tested on 1.8.0-beta-5 In safe mode with html markup disabled, it is possible to insert any classname into a code block like this: \js any-class-name with spaces code \ renders as: code infostring needs some cleanup here:...

Critical - Third Party Libraries

More info at https://www.drupal.org/sa-core-2019-001...

Drupal core - Less critical - Access bypass - SA-CORE-2020-006

More info at https://www.drupal.org/sa-core-2020-006...

CVE-2019-12186: XSS injection in the Grid component

More info at https://sylius.com/blog/cve-2019-12186/...

Deserialization Gadget chain in Swift Mailer

Summary Symfony 1 has a gadget chain due to vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer unserialize user input in his project. Details This vulnerability present no direct threat but is a vector that will enable remote code executio...

CVE-2020-15245: Ability to switch customer email address on account detail page and stay verified

Impact The user may register in a shop by email [email protected], verify it, change it to the mail [email protected] and stay verified and enabled. This may lead to having accounts addressed to totally different emails, that were verified. Note, that this way one is not able to take over any...

CVE-2019-18887: Use constant time comparison in UriSigner

More info at https://symfony.com/cve-2019-18887...

CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

More info at https://symfony.com/cve-2024-50342...

PHP file inclusion via insert tags

More info at https://contao.org/en/security-advisories/php-file-inclusion-via-insert-tags.html...

CVE-2019-18886: Prevent user enumeration using switch user functionality

More info at https://symfony.com/cve-2019-18886...

CVE-2026-45067: Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address

More info at https://symfony.com/cve-2026-45067...

CVE-2019-10911: Add a separator in the remember me cookie hash

More info at https://symfony.com/cve-2019-10911...

CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient

More info at https://symfony.com/cve-2026-48736...

CVE-2023-44401 View permissions are bypassed for paginated lists of ORM data in GraphQL queries

More info at https://www.silverstripe.org/download/security-releases/CVE-2023-44401...

TYPO3-EXT-SA-2023-002: Persisted Cross-Site Scripting in extension "Forms Export" (frp_form_answers)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-002...

TYPO3-CORE-SA-2023-001: Persisted Cross-Site Scripting in Frontend Rendering

More info at https://typo3.org/security/advisory/typo3-core-sa-2023-001...

CVE-2022-24895: Possible CSRF token fixation

More info at https://symfony.com/cve-2022-24895...

TYPO3-CORE-SA-2022-014: Insufficient Session Expiration after Password Reset

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-014...

TYPO3-CORE-SA-2022-010: Cross-Site Scripting in <f:asset.css> view helper

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-010...

Missing input validation can lead to command execution in composer

The Composer method VcsDriver::getFileContent with user-controlled $file or $identifier arguments is susceptible to an argument injection vulnerability. It can be leveraged to gain arbitrary command execution if the Mercurial or the Git driver are used. This led to a vulnerability on Packagist.or...

CVE-2021-41267: Webcache Poisoning via X-Forwarded-Prefix and sub-request

More info at https://symfony.com/cve-2021-41267...

TYPO3-CORE-SA-2021-009: Cross-Site Scripting in Page Preview

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-009...

TYPO3-CORE-SA-2021-006: Cleartext storage of session identifier

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-006...

XSS Vulnerability in HTML Writer

This is: - X a bugfix - a new feature Checklist: - X Changes are covered by unit tests - X Code style is respected - X Commit message explains why the change is made see https://github.com/erlang/otp/wiki/Writing-good-commit-messages - X CHANGELOG.md contains a short summary of the change -...

CVE-2020-9311: Malicious user profile information can cause login form XSS

More info at https://www.silverstripe.org/download/security-releases/cve-2020-9311/...

CVE-2019-19326: Web Cache Poisoning through HTTPRequestBuilder

More info at https://www.silverstripe.org/download/security-releases/cve-2019-19326/...

CVE-2020-5275: All rules set in "access_control" are required when the firewall is configured with the unanimous strategy

More info at https://symfony.com/cve-2020-5275...

Insecure Deserialization in Query Generator &amp; Query View

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-026...

PRODSECBUG-2392: Cross-Site Scripting via PageBuilder Banner

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVE-2019-12204: Missing warning on install.php on public webroot can lead to unauthenticated admin access

More info at https://www.silverstripe.org/download/security-releases/cve-2019-12204/...

Cross-Site Scripting in Link Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-015...

Cross-Site Scripting in Link Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-015...

PRODSECBUG-2363: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

PRODSECBUG-2183: Stored cross-site scripting in admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

PRODSECBUG-2298: Arbitrary code execution through product imports and design layout update

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

PRODSECBUG-2233: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

PRODSECBUG-2387: Cross site request forgery attacks are possible via the gift card removal feature

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

Potential enwiki DOS due to slow WatchedItemStore::countVisitingWatchersMultiple

More info at https://phabricator.wikimedia.org/T204729...

CVE-2018-11386: Denial of service when using PDOSessionHandler

More info at https://symfony.com/cve-2018-11386...

Cross-site scripting (XSS) vulnerability in the system log of the back end

More info at https://contao.org/en/news/contao-3535.html...

Private file access bypass.

More info at https://www.drupal.org/SA-CORE-2018-001...

Comment reply form allows access to restricted content.

More info at https://www.drupal.org/SA-CORE-2018-001...

XSS vulnerabililty in the front end "unsubscribe" module of the newsletter extension

More info at https://contao.org/en/news/contao-3532.html...

CVE-2017-16652: Open redirect vulnerability on security handlers

More info at https://symfony.com/cve-2017-16652...

CVE-2017-16652: Open redirect vulnerability on security handlers

More info at https://symfony.com/cve-2017-16652...

Entity access bypass for entities that do not have UUIDs or have protected revisions.

More info at https://www.drupal.org/SA-CORE-2017-004...

PECL YAML parser unsafe object handling

More info at https://www.drupal.org/SA-CORE-2017-003...

File REST resource does not properly validate

More info at https://www.drupal.org/SA-CORE-2017-003...

Users without "Administer comments" can set comment visibility on nodes they can edit

More info at https://www.drupal.org/SA-CORE-2016-004...

CVE-2016-4423: Large username storage in session

More info at https://symfony.com/cve-2016-4423...