PT-2019-16071 · Bolt+1
007-Prankster
Published 2019-12-29 · Updated 2024-08-05
CVE-2019-20058
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Bolt version 3.7.0
Description
The issue allows for XSS because unsanitized search input is shown on the profiler page when the Symfony Web Profiler is used. It is noted that this issue is disputed, as profiling was never intended for use in production.
Recommendations
For Bolt version 3.7.0, consider disabling the Symfony Web Profiler in production environments to minimize the risk of exploitation. As a temporary workaround, avoid using the search input on the profiler page until the issue is resolved.
Exploit
Fix
XSS
Weakness Enumeration
Related identifiers
Affected products
Bolt
Symfony Webprofiler