
12 matches found

Tenable Nessus
added 2025/08/25 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2019-10909

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead...

5.4 CVSS · 7.4 AI score · 0.00355 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2024/05/30 12:0 a.m. · 1 views

PT-2024-10554 · Symfony · Symfony Frameworkbundle

Name of the Vulnerable Software and Affected Versions: Symfony FrameworkBundle (affected versions not specified). Description: A code injection issue was found in the way Symfony implements translation caching in FrameworkBundle. The issue arises when using the Symfony translation system and not...

7.5 CVSS · 7.7 AI score
Exploits: 0 · References: 5

Cvelist
added 2024/01/11 12:39 a.m. · 13 views

CVE-2024-21665 Pimcore Ecommerce Framework Bundle Improper Access Control allows unprivileged user to access back-office orders list

ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in...

4.3 CVSS · 4.6 AI score · 0.00006 EPSS
Exploits: 1 · References: 4

CNNVD
added 2024/01/11 12:0 a.m. · 2 views

Pimcore Security Vulnerability

Pimcore is an open source Web content management platform from the Austrian company Pimcore for creating and managing Web applications. The platform integrates Web content management, ecommerce framework and product information management applications. A security vulnerability exists in Pimcore...

4.3 CVSS · 6.6 AI score · 0.00006 EPSS
Exploits: 1 · References: 5

Veracode
added 2023/05/12 5:27 a.m. · 25 views

CSV Injection

pimcore/customer-management-framework-bundle is vulnerable to CSV Injection. The vulnerability exists because the getExportData function of AbstractExporter.php does not properly escape CSV records in the Firstname, Lastname, Street, Zip & City input fields, which allows an attacker to inject and...

7.8 CVSS · 6.5 AI score · 0.00008 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

OSV
added 2019/11/12 11:0 p.m. · 28 views

GHSA-G996-Q5R8-W7G2 Symfony Cross-site Scripting (XSS) vulnerability

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle...

5.4 CVSS · 7 AI score · 0.00355 EPSS
Exploits: 0 · References: 10

OSV
added 2019/05/16 10:29 p.m. · 0 views

UBUNTU-CVE-2019-10909

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle...

5.4 CVSS · 6.8 AI score · 0.00355 EPSS
Exploits: 0 · References: 4

OSV
added 2019/05/16 10:29 p.m. · 23 views

CVE-2019-10909

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle...

5.4 CVSS · 9.1 AI score · 0.00355 EPSS
Exploits: 0 · References: 4

Prion
added 2019/05/16 10:29 p.m. · 26 views

Input validation

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle...

3.5 CVSS · 6.2 AI score · 0.00355 EPSS
Exploits: 0 · References: 4 · Affected Software: 2

Debian CVE
added 2019/05/16 9:36 p.m. · 31 views

CVE-2019-10909

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle...

5.4 CVSS · 7.5 AI score · 0.00355 EPSS
Exploits: 0

CVE
added 2019/05/16 9:36 p.m. · 177 views

CVE-2019-10909

The CVE affects Symfony framework-bundle: 2.x up to 2.7.51, 2.8.x up to 2.8.50, 3.x up to 3.4.26, 4.x up to 4.1.12, and 4.2.x up to 4.2.7. Root cause: validation messages are not escaped in the PHP templating engine, enabling XSS when user input is included. Impact: cross-site scripting in applic...

5.4 CVSS · 6.9 AI score · 0.00355 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

Symfony
added 2019/04/17 12:0 a.m. · 48 views

CVE-2019-10909: Escape validation messages in the PHP templating engine

Affected versions: Symfony 2.7.0 to 2.7.50, 2.8.0 to 2.8.49, 3.4.0 to 3.4.25, 4.1.0 to 4.1.11 and 4.2.0 to 4.2.6 versions of Symfony Framework Bundle templating are affected by this security issue. The issue has been fixed in Symfony 2.7.51, 2.8.50, 3.4.26, 4.1.12 and 4.2.7. Note that no fixes are...

5.4 CVSS · 7.4 AI score · 0.00355 EPSS
Exploits: 0