Vulnerabilities > Sensiolabs > Symfony > 2.3.38
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-10 | CVE-2023-46734 | Cross-site Scripting vulnerability in Sensiolabs Symfony Symfony is a PHP framework for web and console applications and a set of reusable PHP components. | 6.1 |
| 2023-02-03 | CVE-2022-24894 | Improper Authorization vulnerability in Sensiolabs Symfony Symfony is a PHP framework for web and console applications and a set of reusable PHP components. | 8.8 |
| 2023-02-03 | CVE-2022-24895 | Session Fixation vulnerability in Sensiolabs Symfony Symfony is a PHP framework for web and console applications and a set of reusable PHP components. | 8.8 |
| 2022-02-01 | CVE-2022-23601 | Cross-Site Request Forgery (CSRF) vulnerability in Sensiolabs Symfony Symfony is a PHP framework for web and console applications and a set of reusable PHP components. | 6.8 |
| 2018-07-20 | CVE-2017-18343 | Cross-site Scripting vulnerability in Sensiolabs Symfony The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. | 6.1 |
| 2016-06-01 | CVE-2016-4423 | Resource Management Errors vulnerability in multiple products The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames. | 5.0 |