PT-2024-10554 · Symfony · Symfony Frameworkbundle

Name of the Vulnerable Software and Affected Versions: Symfony FrameworkBundle affected versions not specified Description: A code injection issue was found in the way Symfony implements translation caching in FrameworkBundle. The issue arises when using the Symfony translation system and not...

CVE-2019-10909

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle...