4 matches found
CVE-2026-45072
Summary: CVE-2026-45072 affects Symfony (PHP framework) via the WebProfiler/CodeExtension::fileExcerpt() in the profiler. The vulnerability arises because the profiler’s file_excerpt filter escapes PHP files with highlight_string() but injects non-PHP file lines directly into elements without es...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the CodeExtension::fileExcerpt function in WebProfiler. An attacker can execute arbitrary JavaScript code in the context of affected users by sending a specially crafted non-PHP files with \n that avoids HTM...
CVE-2026-45072: Stored XSS in WebProfiler CodeExtension::fileExcerpt(): Unescaped Non-PHP File Rendering
More info at https://symfony.com/cve-2026-45072...
CVE-2026-45072: Stored XSS in WebProfiler CodeExtension::fileExcerpt(): Unescaped Non-PHP File Rendering
More info at https://symfony.com/cve-2026-45072...