Description

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.

Remediation

References

CVE-2019-10909

Related Vulnerabilities

Oracle JRE CVE-2017-10274 Vulnerability (CVE-2017-10274)

WordPress Plugin BezahlCode-Generator 'gen_name' Parameter Cross-Site Scripting (1.0)

Apache HTTP Server CVE-2012-0883 Vulnerability (CVE-2012-0883)

Joomla! Core 3.x.x Security Bypass (3.2.0 - 3.9.24)

WordPress Plugin Rezgo Online Booking Cross-Site Scripting (1.8.6)

Severity

Medium

Classification

CVE-2019-10909 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities