vulnerability

Drupal: CVE-2019-10909: Drupal core - Moderately critical - Multiple Vulnerabilities - SA-CORE-2019-005

Severity
4
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
Apr 18, 2019
Added
Apr 18, 2019
Modified
May 22, 2019

Description

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.

Solution(s)

drupal-upgrade-8_5_1drupal-upgrade-8_6_1
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.