007-Prankster

**Name of the Vulnerable Software and Affected Versions** Bolt version 3.7.0 **Description** The issue allows for XSS because unsanitized `search` input is shown on the profiler page when Symfony Web Profiler is used. It is noted that this issue is disputed as profiling was never intended for use in production. **Recommendations** For Bolt version 3.7.0, consider disabling the Symfony Web Profiler in production environments to minimize the risk of exploitation. As a temporary workaround, avoid using the `search` input in the profiler page until the issue is resolved.