Stored-XSS-Vulnerability-Lab-Detection-Mitigation-

Stored Cross-Site Scripting XSS Vulnerability Report Exe...

GHSA-5J3W-5PCR-F8HG Symfony UX allows unsanitized HTML attribute injection via ComponentAttributes

Impact Rendering attributes or using any method that returns a ComponentAttributes instance e.g. only, defaults, without ouputs attribute values directly without escaping. If these values are unsafe e.g. contain user input, this can lead to HTML attribute injection and XSS vulnerabilities. Patche...

CVE-2025-47946

Symfony UX is an initiative and set of libraries to integrate JavaScript tools into applications. Prior to version 2.25.1, rendering attributes or using any method that returns a ComponentAttributes instance e.g. only, defaults, without ouputs attribute values directly without escaping. If these...

PT-2025-22110 · Symfony · Symfony/Ux-Live-Component +1

Name of the Vulnerable Software and Affected Versions: symfony/ux-twig-component versions prior to 2.25.1 symfony/ux-live-component versions prior to 2.25.1 Description: The issue concerns the rendering of attributes or the use of methods that return a ComponentAttributes instance, which can lead...

GHSA-GCHQ-9R68-6JWV Cross-Site Request Forgery in Jenkins Credentials Plugin

Jenkins Credentials Plugin prior to 2.3.19, 2.3.15.1, 2.3.14.1, 2.3.13.1, 2.3.7.1, and 2.3.0.1 does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting XSS vulnerability. Jenkins Credentials Plugin 2.3.19, 2.3.15.1, 2.3.14.1, 2.3.13.1,...