CVE-2024-37156

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-37156
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-37156.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-37156
Aliases
Related
Published
2024-06-06T16:15:13Z
Modified
2025-01-08T16:12:36.566931Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController's GET parameter `formName` is not sanitized before it is placed in the returned input field, which leads to XSS. This vulnerability is fixed in 2.5.3.

References

Affected packages

Git / github.com/sulu/suluformbundle

Affected ranges

Type
GIT
Repo
https://github.com/sulu/suluformbundle
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.1.0
0.1.1
0.2.0
0.2.1
0.2.2
0.2.3
0.3.0
0.3.1
0.3.2
0.4.0

1.*

1.0.0
1.0.0-RC1
1.0.0-RC2
1.0.0-RC3
1.0.0-RC4
1.0.0-RC5
1.0.0-RC6
1.0.0-RC7
1.0.1
1.1.0
1.2.0

2.*

2.0.0
2.1.0
2.1.1
2.1.2
2.1.3
2.2.0
2.2.1
2.3.0
2.4.0
2.5.0
2.5.1
2.5.2