Cross Site Scripting (XSS)

friendsofsymfony/rest-bundle is vulnerable to Cross Site Scripting XSS. The vulnerability is due to incorrect jsonp validation due to sanitizing the callback query param name rather than its value, which allows potentially malicious callback values to be processed, leading to Cross Site Scriping...