The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The `formName` GET parameter of the TokenController is not sanitized before it is placed in the returned input field, which leads to XSS. This vulnerability is fixed in 2.5.3.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-06-06T16:03:46.771Z
Updated: 2024-06-06T16:03:46.771Z
Reserved: 2024-06-03T17:29:38.329Z
Link: CVE-2024-37156
NVD Information
Status: Awaiting Analysis
Published: 2024-06-06T16:15:13.493
Modified: 2024-06-07T14:56:05.647
Link: CVE-2024-37156