AI Score: 6.2 (Medium), Confidence: High
EPSS: 0.001 (Low), Percentile: 36.7%
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.
github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2
symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
www.drupal.org/sa-core-2019-005
www.synology.com/security/advisory/Synology_SA_19_19