Count: 255
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-mjcw-3g32-5p52 ** DISPUTED ** Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should never be deployed in production (so, we don't handle those issues as security issues)." | CVSS3: 6.1 | 0% Low | more than 3 years ago |
| GHSA-mcx4-f5f5-4859 Prevent cache poisoning via a Response Content-Type header in Symfony | CVSS3: 2.6 | 0% Low | more than 5 years ago |
| GHSA-m884-279h-32v2 Exceptions displayed in non-debug configurations in Symfony | CVSS3: 4.6 | 0% Low | more than 5 years ago |
| GHSA-m2wj-r6g3-fxfx Symfony possible session fixation vulnerability | CVSS3: 6.5 | 1% Low | almost 2 years ago |
| GHSA-jjx5-fq5g-8xpc Symfony Cryptographic Vulnerability | CVSS3: 7.5 | 0% Low | more than 3 years ago |
| GHSA-j5jh-hpr4-h332 Symfony Session Fixation Vulnerability | CVSS3: 3.1 | 0% Low | more than 3 years ago |
| GHSA-hf4c-m2jg-33qx lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request. | | 0% Low | more than 3 years ago |
| GHSA-h7vf-5wrv-9fhv Symfony storing cookie headers in HttpCache | CVSS3: 5.9 | 0% Low | almost 3 years ago |
| GHSA-g97c-jfx6-xvxh Symfony Vulnerable to Timing Attack | | 1% Low | more than 3 years ago |
| GHSA-g4rg-rw65-8hfg Symfony Session Fixation Vulnerability | CVSS3: 8.1 | 1% Low | more than 3 years ago |
| GHSA-g4m9-5hpf-hx72 Firewall configured with unanimous strategy was not actually unanimous in Symfony | CVSS3: 7.6 | 0% Low | more than 5 years ago |
| GHSA-g4g7-q726-v5hg Symfony CSRF Token Fixation | CVSS3: 8.8 | 0% Low | more than 3 years ago |
| GHSA-cr49-fx2v-9p57 Symfony Denial of Service Via Long Password Hashing | | 0% Low | more than 3 years ago |
| GHSA-cqqh-94r6-wjrg Symfony SSRF Vulnerability via Form Component | CVSS3: 6.5 | 1% Low | more than 3 years ago |
| GHSA-c49r-8gj6-768r Symfony Directory Traversal | CVSS3: 7.5 | 1% Low | more than 3 years ago |
| GHSA-9j54-wmcm-g7mf Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes." | | 1% Low | more than 3 years ago |
| GHSA-92x6-h2gr-8gxq Symfony CSRF Vulnerability | CVSS3: 5.9 | 0% Low | more than 3 years ago |
| GHSA-89r2-5g34-2g47 Symfony Open Redirect | CVSS3: 6.1 | 0% Low | more than 3 years ago |
| GHSA-89cp-fvcc-hxh7 Symfony Access Control Vulnerability | | 0% Low | more than 3 years ago |
| GHSA-83c3-qx27-2rwr Symfony Allows URI Restrictions Bypass Via Double-Encoded String | | 0% Low | more than 3 years ago |