CVE-2019-10909

Published May 16th, 2019

View on NVD ↗

CVSS v3

5.4

MEDIUM

CVSS v2

3.5

LOW

Affected

PROJECT

Description

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.

symfony/symfony

The Symfony PHP framework

GitHub

31.1K