The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController GET parameter formName is not sanitized in the returned input field, which leads to XSS. This vulnerability is fixed in 2.5.3.
History
Wed, 09 Oct 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Sulu, Sulu suluformbundle | |
CPEs | cpe:2.3:a:sulu:suluformbundle:*:*:*:*:*:*:*:* | |
Vendors & Products | Sulu, Sulu suluformbundle | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-06-06T16:03:46.771Z
Updated: 2024-08-02T03:50:54.830Z
Reserved: 2024-06-03T17:29:38.329Z
Link: CVE-2024-37156
Vulnrichment
Updated: 2024-08-02T03:50:54.830Z
NVD
Status: Modified
Published: 2024-06-06T16:15:13.493
Modified: 2024-11-21T09:23:19.323
Link: CVE-2024-37156
Redhat
No data.