CVE-2024-37156

Published June 6th, 2024

View on NVD ↗

CVSS v3

6.1

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController get parameter formName is not sanitized in the returned input field which leads to XSS. This vulnerability is fixed in 2.5.3.

sulu/SuluFormBundle

Form Bundle for handling Dynamic and Symfony Forms in https://sulu.io

GitHub