Filtered by vendor Damienharper
Subscriptions
Filtered by product Auditor-bundle
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45592 | 1 Damienharper | 1 Auditor-bundle | 2024-09-18 | 8.2 High |
| auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling Javascript injection. This is possible because `%source_label%` in twig macro is not escaped. Therefore script tags can be inserted and are executed. The vulnerability is fixed in versions 6.0.0 and 5.2.6. | ||||
Page 1 of 1.