Cross-Site Scripting (XSS) Vulnerability in Symfony Framework Bundle

Cross-Site Scripting (XSS) Vulnerability in Symfony Framework Bundle

CVE-2019-10909 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.

Learn more about our User Device Pen Test.