Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-10909 - Vulnerability Database
Drupal

Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-10909

Medium
Reference: CVE-2019-10909
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-10909
Title: Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

In Symfony before 2.7.51 2.8.x before 2.8.50 3.x before 3.4.26 4.x before 4.1.12 and 4.2.x before 4.2.7 validation messages are not escaped which can lead to XSS when user input is included. This is related to symfony/framework-bundle.