Description
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.
Remediation
References