cve/CVE-2023-41336.md at 8d17e0c8f8dcf0cf9abdcefadf7dbc6d73d1b980

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. The problem has been fixed in symfony/ux-autocomplete version 2.11.2.

POC

Reference

https://symfony.com/bundles/ux-autocomplete/current/index.html#usage-in-a-form-with-ajax

Github

No PoCs found on GitHub currently.

863 B Raw Blame History

CVE-2023-41336

Description

POC

Reference

Github

863 B

Raw Blame History