Vulnerabilities (CVE)

Filtered by vendor Damienharper Subscribe
Filtered by product Auditor-bundle
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-45592 1 Damienharper 1 Auditor-bundle 2024-09-20 N/A 6.1 MEDIUM
auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling Javascript injection. This is possible because `%source_label%` in twig macro is not escaped. Therefore script tags can be inserted and are executed. The vulnerability is fixed in versions 6.0.0 and 5.2.6.