Vulnerabilities

CVE-2019-10909

by Fred · 16/05/2019

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.

Date published : 2019-05-16

https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2

https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine

Similar

Tags: Cybersecurity Alert