PT-2024-10554 · Symfony · Symfony Frameworkbundle

Name of the Vulnerable Software and Affected Versions: Symfony FrameworkBundle affected versions not specified Description: A code injection issue was found in the way Symfony implements translation caching in FrameworkBundle. The issue arises when using the Symfony translation system and not...

The vulnerability of the message validation function in symfony/framework-bundle of the Symfony software development and web application management platform lies in the lack of measures to protect website structures, allowing attackers to carry out XSS attacks.

The vulnerability of the message validation function in symfony/framework-bundle of the Symfony software development and web application management platform is related to the lack of measures to protect website structures. Exploiting this vulnerability could allow a malicious actor to execute XSS...

CVE-2019-10909

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle...