VYPR
Moderate severityNVD Advisory· Published Nov 10, 2023· Updated Sep 3, 2024

Symfony potential Cross-site Scripting in WebhookController

CVE-2023-46735

Description

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in WebhookController returns unescaped user-submitted input. As of version 6.3.8, WebhookController now doesn't return any user-submitted input in its response.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
symfony/webhookPackagist
>= 6.3.0, < 6.3.86.3.8
symfony/symfonyPackagist
>= 6.3.0, < 6.3.86.3.8

Affected products

10

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.