5 matches found
CVE-2025-47946
Symfony UX is an initiative and set of libraries to integrate JavaScript tools into applications. Prior to version 2.25.1, rendering attributes or using any method that returns a ComponentAttributes instance e.g. only, defaults, without ouputs attribute values directly without escaping. If these...
CVE-2025-47946 symfony/ux-live-component and symfony/ux-twig-component vulnerable to unsanitized HTML attribute injection via ComponentAttributes
Symfony UX is an initiative and set of libraries to integrate JavaScript tools into applications. Prior to version 2.25.1, rendering attributes or using any method that returns a ComponentAttributes instance e.g. only, defaults, without ouputs attribute values directly without escaping. If these...
CVE-2025-47946 symfony/ux-live-component and symfony/ux-twig-component vulnerable to unsanitized HTML attribute injection via ComponentAttributes
Symfony UX is an initiative and set of libraries to integrate JavaScript tools into applications. Prior to version 2.25.1, rendering attributes or using any method that returns a ComponentAttributes instance e.g. only, defaults, without ouputs attribute values directly without escaping. If these...
CVE-2025-47946
Summary: CVE-2025-47946 affects Symfony UX components. Prior to 2.25.1, rendering {{ attributes }} or using methods returning a ComponentAttributes instance can output unescaped attribute values, risking HTML attribute injection and XSS. The vulnerability affects the Symfony UX Twig component and...
CVE-2025-47946
creationtimestamp| type| source ---|---|--- 2025-05-19 12:04:13+00:00| seen| https://bsky.app/profile/symfony.com/post/3lpjjr442kx2g 2025-05-19 19:39:06+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/16915 2025-05-19 21:13:12+00:00| seen|...