Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-72x2-5c85-6wmr: Symfony potential Cross-site Scripting in WebhookController

Description

The error message in WebhookController returns unescaped user-submitted input.

Resolution

WebhookController now doesn’t return any user-submitted input in its response.

The patch for this issue is available here for branch 6.3.

Credits

We would like to thank Maxime Aknin for reporting the issue and to Nicolas Grekas for providing the fix.

ghsa
Open in Source
#xss#web#git

Symfony potential Cross-site Scripting in WebhookController

Moderate severity GitHub Reviewed Published Nov 10, 2023 in symfony/symfony • Updated Nov 12, 2023

Related news

CVE-2023-46735: Potential XSS in WebhookController

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in `WebhookController` returns unescaped user-submitted input. As of version 6.3.8, `WebhookController` now doesn't return any user-submitted input in its response.

ghsa: Latest News

GHSA-76mw-6p95-x9x5: pac4j-core affected by a Java deserialization vulnerability
ghsa