The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController get parameter formName is not sanitized in the returned input field which leads to XSS. This vulnerability is fixed in 2.5.3.
References
Configurations
History
21 Nov 2024, 09:23
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/sulu/SuluFormBundle/commit/3f341b71a7309cbc8fd2c5bff894c654d1679b17 - Patch | |
References | () https://github.com/sulu/SuluFormBundle/security/advisories/GHSA-rrvc-c7xg-7cf3 - Vendor Advisory |
09 Oct 2024, 15:08
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:sulu:suluformbundle:*:*:*:*:*:*:*:* | |
References | () https://github.com/sulu/SuluFormBundle/commit/3f341b71a7309cbc8fd2c5bff894c654d1679b17 - Patch | |
References | () https://github.com/sulu/SuluFormBundle/security/advisories/GHSA-rrvc-c7xg-7cf3 - Vendor Advisory | |
First Time |
Sulu
Sulu suluformbundle |
07 Jun 2024, 14:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Jun 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-06 16:15
Updated : 2024-11-21 09:23
NVD link : CVE-2024-37156
Mitre link : CVE-2024-37156
CVE.ORG link : CVE-2024-37156
JSON object : View
Products Affected
sulu
- suluformbundle