Unknown · Auditor-Bundle · CVE-2024-45592
Name of the Vulnerable Software and Affected Versions:
auditor-bundle 5.x versions prior to 5.2.6
auditor-bundle 6.x versions prior to 6.0.0 (pre-release builds of 6.0)
Description:
The issue is an unescaped entity property that enables JavaScript injection. The Twig macro substitutes the entity's source label for the `%source label%` placeholder without escaping it, so a label containing markup (for example a `<script>` tag) is emitted verbatim into the rendered audit view. Because the label is stored with the audited data and rendered again every time the audit output is viewed, the impact is a persistent (stored) cross-site scripting vulnerability: injected JavaScript executes in the browser of any user viewing that audit page.
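The bug class described above, as an added example that is not auditor-bundle's own code: a minimal Twig setup with two hypothetical templates, one reproducing the unescaped-placeholder pattern and one applying the fix. The message text, template names and the `|replace` stand-in for the translation placeholder are assumptions made for illustration; what carries over is the pattern, a placeholder value substituted into a string that is then emitted with `|raw`, which bypasses Twig's autoescaping. Requires `twig/twig` to be installed via Composer.

```php
<?php
// Added example (not auditor-bundle's code): reproduce the pattern behind
// CVE-2024-45592 and show the hardened form side by side.
require __DIR__ . '/vendor/autoload.php'; // assumes `composer require twig/twig`

use Twig\Environment;
use Twig\Loader\ArrayLoader;

// A message that legitimately contains markup, which is why the template
// author pipes the whole result through |raw. (Hypothetical message text.)
$message = 'Entity <strong>%source_label%</strong> was inserted';

$loader = new ArrayLoader([
    // Vulnerable: the label is substituted unescaped, then |raw tells Twig
    // to trust the entire string, so autoescape never touches the label.
    'vulnerable.html.twig' => "{{ message|replace({'%source_label%': label})|raw }}",

    // Hardened: escape the attacker-controlled value before substitution;
    // |raw then only trusts the static markup that came from the message.
    'hardened.html.twig' => "{{ message|replace({'%source_label%': label|e('html')})|raw }}",
]);

// Autoescaping is on, as it is by default in Symfony; |raw is what defeats it.
$twig = new Environment($loader, ['autoescape' => 'html']);

// Constructed sample: a label an attacker could store on an audited entity.
$payload = '<script>alert(document.cookie)</script>';

foreach (['vulnerable.html.twig', 'hardened.html.twig'] as $template) {
    $html = $twig->render($template, ['message' => $message, 'label' => $payload]);
    $scriptSurvives = str_contains($html, '<script');
    printf("%-22s %s\n    %s\n", $template,
        $scriptSurvives ? 'SCRIPT TAG SURVIVES' : 'label escaped', $html);
}
```

The same reasoning applies to the real translation filter: `|trans` substitutes placeholder values with a plain string replacement and does not escape them, so any value interpolated into a message that is later marked `|raw` must be escaped first. When checking a template for this pattern, look for `|raw` (or `{% autoescape false %}`) applied to a string that has user-controlled placeholders mixed in.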
Recommendations:
For 5.x versions prior to 5.2.6, update to version 5.2.6 or later.
For 6.x versions prior to 6.0.0, update to version 6.0.0 or later.
If you cannot upgrade immediately, as a temporary workaround override the Twig macro so that the `%source label%` value is escaped before it is rendered, or remove the variable from the macro altogether.
Restrict access to the audit functionality to trusted users to minimize the risk of exploitation.
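A quick way to check whether an application is on a fixed release, as an added example that is not part of auditor-bundle: read the installed version from Composer's runtime metadata and compare it against the two fixed-version thresholds above. It assumes the Packagist package name `damienharper/auditor-bundle` and is meant to be run from the project root so that the Composer autoloader is available.

```php
<?php
// Added example (not auditor-bundle's code): report whether the installed
// auditor-bundle release carries the CVE-2024-45592 fix.
require __DIR__ . '/vendor/autoload.php';

use Composer\InstalledVersions;

const PACKAGE = 'damienharper/auditor-bundle'; // assumed Packagist name

/**
 * True when $version is 5.2.6+ in the 5.x line or 6.0.0+ in the 6.x line.
 * Dev or unparsable versions cannot be proven fixed and are reported as such.
 */
function auditorBundleIsFixed(string $version): bool
{
    $v = ltrim($version, 'v');
    if (!preg_match('/^(\d+)\.\d+/', $v, $m)) {
        return false; // e.g. "dev-master": treat as not verified
    }
    $major = (int) $m[1];
    if ($major >= 6) {
        // 6.0.0 pre-releases (6.0.0-beta1, 6.0.0-RC1) sort below 6.0.0 and
        // are still affected; only the stable release or later is fixed.
        return version_compare($v, '6.0.0', '>=');
    }
    // 5.x and anything older: fixed from 5.2.6 onwards.
    return version_compare($v, '5.2.6', '>=');
}

if (!InstalledVersions::isInstalled(PACKAGE)) {
    echo PACKAGE, " is not installed in this project\n";
    exit(0);
}

$installed = InstalledVersions::getPrettyVersion(PACKAGE) ?? 'unknown';
printf("%s %s: %s\n", PACKAGE, $installed,
    auditorBundleIsFixed($installed) ? 'fixed' : 'AFFECTED by CVE-2024-45592, upgrade');

// Constructed sanity checks of the threshold logic (no network, no project needed).
assert(auditorBundleIsFixed('5.2.6') === true);
assert(auditorBundleIsFixed('5.2.5') === false);
assert(auditorBundleIsFixed('6.0.0') === true);
assert(auditorBundleIsFixed('6.0.0-beta1') === false);
assert(auditorBundleIsFixed('dev-master') === false);
```

Applications that pin a non-numeric branch alias (`dev-master` and the like) are reported as not verified rather than fixed; confirm those manually against the changelog of the commit actually checked out.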