Escape validation messages in the PHP templating engine

2019-11-12T23:00:53
ID GHSA-G996-Q5R8-W7G2
Type github
Reporter GitHub Advisory Database
Modified 2019-12-01T17:58:09

Description

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.