0.001 Low
EPSS
Percentile
36.7%
symfony/symfony is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as the value of the validation messages were not sanitized, allowing XSS attacks.
github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2
symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
www.drupal.org/sa-core-2019-005
www.synology.com/security/advisory/Synology_SA_19_19