VulnerableCode Vulnerability Details - VCID-1cfx-7tug-qkau

Search for vulnerabilities

Vulnerability details: VCID-1cfx-7tug-qkau

Essentials
Severities (1)
References (3)
Severity details (0)
Exploits (0)
EPSS
History (2)

Vulnerability ID	VCID-1cfx-7tug-qkau
Aliases	CVE-2017-18343
Summary	The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar
Status	Disputed
Exploitability	0.5
Weighted Severity	0.0
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00504	https://api.first.org/data/v1/epss?cve=CVE-2017-18343

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2017-18343
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18343
CVE-2017-18343		https://nvd.nist.gov/vuln/detail/CVE-2017-18343

No exploits are available.

There are no known vectors.

Exploit Prediction Scoring System (EPSS)

Percentile	0.65121
EPSS Score	0.00504
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T18:05:53.952905+00:00	NVD CVE Status Improver	Improve	https://cveawg.mitre.org/api/cve/CVE-2017-18343	36.1.3
2025-07-01T13:54:30.821903+00:00	Debian Importer	Import	https://security-tracker.debian.org/tracker/data/json	36.1.3