CVE-2019-10909
EUVD-2019-074916.05.2019, 22:29
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| sensiolabs | symfony | 2.7.0 ≤ 𝑥 < 2.7.51 |
| sensiolabs | symfony | 2.8.0 ≤ 𝑥 < 2.8.50 |
| sensiolabs | symfony | 3.4.0 ≤ 𝑥 < 3.4.26 |
| sensiolabs | symfony | 4.1.0 ≤ 𝑥 < 4.1.12 |
| sensiolabs | symfony | 4.2.0 ≤ 𝑥 < 4.2.7 |
| drupal | drupal | 8.5.0 ≤ 𝑥 < 8.5.15 |
| drupal | drupal | 8.6.0 ≤ 𝑥 < 8.6.15 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| drupal7 |
| ||||||||||||||||||||||||||||||
| symfony |
|
References