CVE-2024-45592 - "Symfony Auditor-Bundle Unescaped Entity Property JavaScript Injection"

CVE ID : CVE-2024-45592
Published : Sept. 10, 2024, 4:15 p.m.
Description : auditor-bundle, formerly known as DoctrineAuditBundle, integrates the auditor library into any Symfony 3.4+ application. Prior to 6.0.0, an unescaped entity property enables JavaScript injection: %source_label% in a Twig macro is not escaped, so script tags can be inserted and are executed. The vulnerability is fixed in 6.0.0.
Severity: 8.2 | HIGH
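
The class of bug described above, shown as an added example that is not the bundle's own code: a placeholder such as %source_label% filled with an entity-derived value, first verbatim and then HTML-escaped. The message template, function names and sample value are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed message template: trusted markup with a placeholder for an
// entity-derived value. The wording is hypothetical, not the bundle's own.
const MESSAGE = '<strong>%source_label%</strong> was updated';

/** Escape a value for an HTML text or quoted-attribute context. */
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Unsafe: placeholder values are pasted into the markup verbatim. */
function renderUnescaped(string $template, array $params): string
{
    return strtr($template, $params);
}

/** Hardened: every placeholder value is escaped before substitution. */
function renderEscaped(string $template, array $params): string
{
    // Cast to string first so numeric or Stringable values are escaped too.
    $safe = array_map('escapeHtml', array_map('strval', $params));

    return strtr($template, $safe);
}

// Constructed sample: an entity property whose stored value contains markup.
$params = ['%source_label%' => 'Invoice <script>alert(1)</script>'];

// The script element survives intact in the first line of output and is
// rendered as inert text (&lt;script&gt;...) in the second.
echo renderUnescaped(MESSAGE, $params), PHP_EOL;
echo renderEscaped(MESSAGE, $params), PHP_EOL;
```

In a Twig template the equivalent safeguard is to leave autoescaping in effect for the substituted value, or to escape each parameter before it is placed into markup that is output raw.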