Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Symfony UX allows unsanitized HTML attribute injection via ComponentAttributes

🗓️ 19 May 2025 22:24:45Reported by GitHub Advisory DatabaseType 
github
 github🔗 github.com👁 18 Views

Symfony UX allows unsafe HTML attribute injection via ComponentAttributes, enabling XSS vulnerabilities.

Related
Detection
Refs
ReporterTitlePublishedViews
Family
Circl		CVE-2025-47946
19 May 202512:04
circl
CNNVD		ux 跨站脚本漏洞
19 May 202500:00
cnnvd
CVE		CVE-2025-47946
19 May 202519:25
cve
Cvelist		CVE-2025-47946 symfony/ux-live-component and symfony/ux-twig-component vulnerable to unsanitized HTML attribute injection via ComponentAttributes
19 May 202519:25
cvelist
EUVD		EUVD-2025-15795
3 Oct 202520:07
euvd
Friends Of PHP		symfony/ux-live-component Unsanitized HTML attribute injection via ComponentAttributes
19 May 202512:05
friendsofphp
Friends Of PHP		symfony/ux-twig-component Unsanitized HTML attribute injection via ComponentAttributes
19 May 202512:05
friendsofphp
NVD		CVE-2025-47946
19 May 202520:15
nvd
OSV		CVE-2025-47946 symfony/ux-live-component and symfony/ux-twig-component vulnerable to unsanitized HTML attribute injection via ComponentAttributes
19 May 202519:25
osv
OSV		GHSA-5J3W-5PCR-F8HG Symfony UX allows unsanitized HTML attribute injection via ComponentAttributes
19 May 202522:24
osv
Rows per page
Vulners
Node
symfonyux-live-componentRange<2.25.1composer
OR
symfonyux-twig-componentRange<2.25.1composer
SourceLink
githubwww.github.com/symfony/ux/security/advisories/GHSA-5j3w-5pcr-f8hg
nvdwww.nvd.nist.gov/vuln/detail/CVE-2025-47946
githubwww.github.com/symfony/ux-live-component/commit/7ad44cf56d750b9f56658ed986286a10da132ee7
githubwww.github.com/symfony/ux-twig-component/commit/b5d4e77db69315aeb18d2238e0e7c943d340ce76
githubwww.github.com/symfony/ux/commit/b5d1c85995c128cb926d47a96cfbfbd500b643a8
githubwww.github.com/symfony/ux/commit/c2f7738ee0969c31df7514025a7f5fc6e153932d
githubwww.github.com/FriendsOfPHP/security-advisories/blob/master/symfony/ux-live-component/CVE-2025-47946.yaml
githubwww.github.com/FriendsOfPHP/security-advisories/blob/master/symfony/ux-twig-component/CVE-2025-47946.yaml
symfonywww.symfony.com/blog/symfony-ux-cve-2025-47946-unsanitized-html-attribute-injection-via-componentattributes
githubwww.github.com/advisories/GHSA-5j3w-5pcr-f8hg
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
29 Aug 2025 21:08Current
6.1Medium risk
Vulners AI Score6.1
CVSS 3.16.1
EPSS0.00167
SSVC
CWE-79
symfony uxhtml attribute injectionxss vulnerabilitiescomponentattributestwig's escaperruntimesoftware patch.
18