15 matches found
CVE-2019-10909
creationtimestamp| type| source ---|---|--- 2019-05-16 22:51:24+00:00| seen| https://t.me/cvemitreorg/25 2025-05-08 05:00:07+00:00| published-proof-of-concept| Telegram/ee4Sk2iX4NQCrC-p271ZgtDUcNEyDO7VCRtDqN26FeKrwI4...
DEBIAN-CVE-2019-10909
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle...
CVE-2019-10909
The CVE affects Symfony framework-bundle: 2.x up to 2.7.51, 2.8.x up to 2.8.50, 3.x up to 3.4.26, 4.x up to 4.1.12, and 4.2.x up to 4.2.7. Root cause: validation messages are not escaped in the PHP templating engine, enabling XSS when user input is included. Impact: cross-site scripting in applic...
Fedora 30 : drupal8 (2019-eba8e44ee6)
https://www.drupal.org/project/drupal/releases/8.6.15 - https://www.drupal.org/SA-CORE-2019-005 CVE-2019-10909 / CVE-2019-10910 / CVE-2019-10911 - https://www.drupal.org/SA-CORE-2019-006 CVE-2019-11358 - https://www.drupal.org/project/drupal/releases/8.6.14 Note that Tenable Network Security has...
Fedora 29 : drupal8 (2019-7eaf0bbe7c)
https://www.drupal.org/project/drupal/releases/8.6.15 - https://www.drupal.org/SA-CORE-2019-005 CVE-2019-10909 / CVE-2019-10910 / CVE-2019-10911 - https://www.drupal.org/SA-CORE-2019-006 CVE-2019-11358 - https://www.drupal.org/project/drupal/releases/8.6.14 Note that Tenable Network Security has...
Fedora 28 : drupal8 (2019-1a3edd7e8a)
https://www.drupal.org/project/drupal/releases/8.6.15 - https://www.drupal.org/SA-CORE-2019-005 CVE-2019-10909 / CVE-2019-10910 / CVE-2019-10911 - https://www.drupal.org/SA-CORE-2019-006 CVE-2019-11358 - https://www.drupal.org/project/drupal/releases/8.6.14 Note that Tenable Network Security has...
Debian DLA-1778-1 : symfony security update
Several security vulnerabilities have been discovered in symfony, a PHP web application framework. Numerous symfony components are affected: Framework Bundle, Dependency Injection, Security, HttpFoundation CVE-2019-10909 Validation messages were not escaped when using the form theme of the PHP...
[SECURITY] [DLA 1778-1] symfony security update
Package : symfony Version : 2.3.21+dfsg-4+deb8u5 CVE ID : CVE-2019-10909 CVE-2019-10910 CVE-2019-10911 CVE-2019-10913 Several security vulnerabilities have been discovered in symfony, a PHP web application framework. Numerous symfony components are affected: Framework Bundle, Dependency Injection...
Fedora 30 : php-symfony4 (2019-f5d6a7ce74)
Version 4.2.7 2019-04-17 - bug 31107 Routing fix trailing slash redirection with non-greedy trailing vars nicolas-grekas - bug 31108 FrameworkBundle decorate the ValidatorBuilder's translator with LegacyTranslatorProxy nicolas-grekas - bug 31121 HttpKernel Fix get session when the request stack i...
Fedora 30 : php-symfony3 (2019-8635280de5)
Version 3.4.26 2019-04-17 - bug 31084 HttpFoundation Make MimeTypeExtensionGuesser case insensitive vermeirentony - bug 31142 Revert 'bug 30423 Security Rework firewall's access denied rule dimabory' chalasr - security cve-2019-10910 DI Check service IDs are valid nicolas-grekas - security...
Fedora 29 : php-symfony (2019-f8db687840)
Version 2.8.50 2019-04-17 - security cve-2019-10910 DI Check service IDs are valid nicolas-grekas - security cve-2019-10909 FrameworkBundleForm Fix XSS issues in the form theme of the PHP templating engine stof - security cve-2019-10912 PHPUnit Bridge Prevent destructors with side-effects from...
Drupal 8.x Multiple Vulnerabilities (SA-CORE-2019-005) - Linux
Drupal is prone to multiple vulnerabilities in third-party dependencies. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
drupal -- Drupal core - Moderately critical
Drupal Security Team reports: CVE-2019-10909: Escape validation messages in the PHP templating engine. CVE-2019-10910: Check service IDs are valid. CVE-2019-10911: Add a separator in the remember me cookie hash. jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extendtrue...
CVE-2019-10909: Escape validation messages in the PHP templating engine
More info at https://symfony.com/cve-2019-10909...
CVE-2019-10909: Escape validation messages in the PHP templating engine
More info at https://symfony.com/cve-2019-10909...