In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.

osv 4

prion 1

cve 1

friendsofphp 4

ubuntucve 1

symfony 1

github 1

debiancve 1

veracode 1

openvas 8

nessus 12

fedora 11

freebsd 1

thn 1

drupal 1

debian 3

ibm 1

osv

Symfony Cross-site Scripting (XSS) vulnerability

2019-11-12 23:00:53

CVE-2019-10909

2019-05-16 22:29:00

symfony - security update

2019-05-06 00:00:00

prion

Input validation

2019-05-16 22:29:00

cve

CVE-2019-10909

2019-05-16 22:29:00

friendsofphp

Drupal core - Moderately critical - Multiple Vulnerabilities - SA-CORE-2019-005

1970-01-01 00:00:00

CVE-2019-10909: Escape validation messages in the PHP templating engine

1970-01-01 00:00:00

CVE-2019-10909: Escape validation messages in the PHP templating engine

1970-01-01 00:00:00

ubuntucve

CVE-2019-10909

2019-05-16 00:00:00

symfony

CVE-2019-10909: Escape validation messages in the PHP templating engine

2019-04-17 00:00:00

github

Symfony Cross-site Scripting (XSS) vulnerability

2019-11-12 23:00:53

debiancve

CVE-2019-10909

2019-05-16 22:29:00

veracode

Cross-site Scripting (XSS)

2019-04-18 04:55:27

openvas

Drupal 8.x Multiple Vulnerabilities (SA-CORE-2019-005) - Linux

2019-04-24 00:00:00

Drupal 8.x Multiple Vulnerabilities (SA-CORE-2019-005) - Windows

2019-04-24 00:00:00

Debian: Security Advisory (DLA-1778-1)

2019-05-07 00:00:00

nessus

FreeBSD : drupal -- Drupal core - Moderately critical (2bad8b5d-66fb-11e9-9815-78acc0a3b880)

2019-04-25 00:00:00

Drupal 7.x < 7.66 / 8.5.x < 8.5.15 / 8.6.x < 8.6.15 Multiple Vulnerabilities (drupal-2019-04-17)

2019-04-19 00:00:00

Fedora 30 : drupal8 (2019-eba8e44ee6)

2019-05-08 00:00:00

fedora

[SECURITY] Fedora 29 Update: php-symfony3-3.4.26-1.fc29

2019-04-27 23:12:02

[SECURITY] Fedora 30 Update: php-symfony3-3.4.26-1.fc30

2019-04-27 21:35:08

[SECURITY] Fedora 30 Update: php-symfony4-4.2.7-2.fc30

2019-04-27 21:35:09

freebsd

drupal -- Drupal core - Moderately critical

2019-04-17 00:00:00

thn

Drupal Releases Core CMS Updates to Patch Several Vulnerabilities

2019-04-17 21:51:00

drupal

Drupal core - Moderately critical - Multiple Vulnerabilities - SA-CORE-2019-005

2019-04-17 00:00:00

debian

[SECURITY] [DLA 1778-1] symfony security update

2019-05-06 19:15:58

[SECURITY] [DSA 4441-1] symfony security update

2019-05-10 06:26:37

[SECURITY] [DSA 4441-1] symfony security update

2019-05-10 06:26:19

ibm

Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in Drupal core (CVE-2019-10909 CVE-2019-10910 CVE-2019-10911 CVE-2019-11358)

2019-05-31 13:40:01

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.2%

JSON

Related for CVELIST:CVE-2019-10909