Total
1 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-45592 | 1 Damienharper | 1 Auditor-bundle | 2024-09-20 | N/A | 6.1 MEDIUM |
auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling Javascript injection. This is possible because `%source_label%` in twig macro is not escaped. Therefore script tags can be inserted and are executed. The vulnerability is fixed in versions 6.0.0 and 5.2.6. |