Vulnerability Database
289,697
Total vulnerabilities in the database
CVE-2019-10909
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.
| Software | From | Fixed in |
|---|---|---|
| sensiolabs / symfony | 4.2.0 | 4.2.7 |
| sensiolabs / symfony | 4.1.0 | 4.1.12 |
| sensiolabs / symfony | 3.4.0 | 3.4.26 |
| sensiolabs / symfony | 2.8.0 | 2.8.50 |
| sensiolabs / symfony | 2.7.0 | 2.7.51 |
| drupal / drupal | 8.5.0 | 8.5.15 |
| drupal / drupal | 8.6.0 | 8.6.15 |
symfony / symfony
|
2.7.0 | 2.7.51 |
|
symfony / symfony
|
2.8.0 | 2.8.50 |
|
symfony / symfony
|
3.0.0 | 3.4.26 |
|
symfony / symfony
|
4.0.0 | 4.1.12 |
|
symfony / symfony
|
4.2.0 | 4.2.7 |
|
symfony / framework-bundle
|
2.7.0 | 2.7.51 |
|
symfony / framework-bundle
|
2.8.0 | 2.8.50 |
|
symfony / framework-bundle
|
3.0.0 | 3.4.26 |
|
symfony / framework-bundle
|
4.0.0 | 4.1.12 |
|
symfony / framework-bundle
|
4.2.0 | 4.2.7 |
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml
- https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2
- https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
- https://symfony.com/cve-2019-10909
- https://www.drupal.org/sa-core-2019-005
- https://www.synology.com/security/advisory/Synology_SA_19_19