VYPR
Medium severity 6.1 · OSV Advisory · Published Jun 13, 2018 · Updated Jun 17, 2026

CVE-2018-12040

Description

Reflected cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should never be deployed in production (so, we don't handle those issues as security issues)."

Affected products

2
  • Sensiolabs/Symfony · OSV · 2 versions
    v2.0.0, v2.0.0-RC1, v2.0.0-RC2, …+ 1 more
    • (no CPE) range: v2.0.0, v2.0.0-RC1, v2.0.0-RC2, …
    • (no CPE) range: = 3.3.6
