← Back to CVE List

CVE-2019-10909

Published: 2019-05-16T22:29Z
Last Modified: 2024-11-21T04:20Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt