5.3
CVE-2024-10927 - MonoCMS Account Information Page account.php cross site scripting
A vulnerability was found in MonoCMS up to 20240528. It has been classified as problematic. Affected is an unknown function of the file /monofiles/account.php of the component Account Information Page. The manipulation of the argument userid leads to cross site scripting. It is possible to launch t…
7.3
CVE-2024-50340 - Ability to change environment from query in symfony/runtime
symfony/runtime is a module for the Symfony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` php directive is set to `on`, and users call any URL with a specially crafted query string, they are able to change the environment or debug mode used…
3.1
CVE-2024-50341 - Security::login does not take into account custom user_checker in symfony/security-bundle
symfony/security-bundle is a module for the Symfony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom `user_checker` defined on a firewall is not called when logging in programmatically with the `Security::login` method, leading …
3.1
CVE-2024-50342 - Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client
symfony/http-client is a module for the Symfony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host resolution, which leads to possible IP/port enu…
3.1
CVE-2024-50343 - Incorrect response from Validator when input ends with `\n` in symfony/validator
symfony/validator is a module for the Symfony PHP framework which provides tools to validate values. It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacter, with an input ending with `\n`. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses th…
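The `$`-versus-trailing-newline behaviour behind this entry, as an added PHP example (not Symfony's code and not part of the advisory): a validator-style pattern anchored with `$` accepts an input that ends in `\n`, while the same pattern with the `D` modifier (the approach the advisory says Symfony adopted) or a `\z` anchor rejects it. The pattern and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not Symfony's or the advisory's code. In PCRE, `$` without the
// D (PCRE_DOLLAR_ENDONLY) modifier matches at the end of the subject OR just
// before a newline that is the last character of the subject. A validator that
// relies on `^...$` to accept only a whole value therefore also accepts the
// value followed by one "\n".

// Constructed pattern: accept only lowercase alphanumerics.
const LOOSE    = '/^[a-z0-9]+$/';   // `$` also matches before a final "\n"
const STRICT_D = '/^[a-z0-9]+$/D';  // D: `$` matches only at the very end
const STRICT_Z = '/^[a-z0-9]+\z/';  // \z: end of subject, independent of modifiers

function matches(string $pattern, string $input): bool
{
    $result = preg_match($pattern, $input);
    if ($result === false) {
        // preg_match() returns false on a malformed pattern or a PCRE error;
        // treat that as a rejection rather than a silent accept.
        throw new RuntimeException('regex error: ' . preg_last_error_msg());
    }
    return $result === 1;
}

// Constructed inputs: a clean value, the same value with one trailing newline
// (the case the advisory describes), and two inputs that no anchor accepts.
$cases = ["user42", "user42\n", "user42\n\n", "user42\nx"];

foreach ($cases as $input) {
    printf(
        "%-12s  \$=%-6s  D=%-6s  \\z=%s\n",
        json_encode($input),
        matches(LOOSE, $input)    ? 'accept' : 'reject',
        matches(STRICT_D, $input) ? 'accept' : 'reject',
        matches(STRICT_Z, $input) ? 'accept' : 'reject'
    );
}
```

Run it with `php example.php`: the `"user42\n"` row is the only one where the three columns disagree, with the plain `$` pattern accepting and both hardened forms rejecting. Two caveats when choosing a fix: `D` only changes the meaning of `$` and is ignored when the `m` (multiline) modifier is also set, whereas `\z` always means end of subject; and the trailing newline must be rejected, not silently trimmed, because the downstream consumer may not strip it the same way the validator did.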
5.3
CVE-2024-10926 - IBPhoenix ibWebAdmin Tabelas Section toggle_fold_panel.php cross site scripting
A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /toggle_fold_panel.php of the component Tabelas Section. The manipulation of the argument p leads to cross site scripting. The attack may be initiated …
3.1
CVE-2024-50345 - Open redirect via browser-sanitized URLs in symfony/http-foundation
symfony/http-foundation is a module for the Symfony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class does not parse URIs with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` cla…
0
CVE-2024-51736 - Command execution hijack on Windows with Process class in symfony/process
symfony/process is a module for the Symfony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory, it will be called by the `Process` class when preparing command arguments, leading to possible hijack…
4.3
CVE-2024-10941 - firefox: Browser crash from invalid URI
A malicious website could have included an iframe with a malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126.
2.2
CVE-2024-51754 - Unguarded calls to __toString() when nesting an object into an array in Twig
Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). This issue has been…