The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController GET parameter `formName` is not sanitized in the returned input field, which leads to XSS. This vulnerability is fixed in 2.5.3.
History

Wed, 09 Oct 2024 15:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Sulu; Sulu suluformbundle
CPEs | | cpe:2.3:a:sulu:suluformbundle:*:*:*:*:*:*:*:*
Vendors & Products | | Sulu; Sulu suluformbundle

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-06-06T16:03:46.771Z

Updated: 2024-08-02T03:50:54.830Z

Reserved: 2024-06-03T17:29:38.329Z

Link: CVE-2024-37156

Vulnrichment

Updated: 2024-08-02T03:50:54.830Z

NVD

Status: Analyzed

Published: 2024-06-06T16:15:13.493

Modified: 2024-10-09T15:08:29.647

Link: CVE-2024-37156

Redhat

No data.