Description
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.
Remediation
References