← voltar
CVE-2019-10909

CVE-2019-10909

EPSS 1.0%
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-enginehttps://www.drupal.org/sa-core-2019-005https://www.synology.com/security/advisory/Synology_SA_19_19