Escape validation messages in the PHP templating engine

ID GHSA-G996-Q5R8-W7G2
Type github
Reporter GitHub Advisory Database
Modified 2019-12-01T17:58:09


In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.