CVE-2019-10909
N/A
N/A
Summary
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.synology.com/security/advisory/Synology_SA_19_19
- https://www.drupal.org/sa-core-2019-005
- https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
- https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2
References
- https://www.synology.com/security/advisory/Synology_SA_19_19
- https://www.drupal.org/sa-core-2019-005
- https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
- https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.