vulnerability
Drupal: CVE-2019-10909: Drupal core - Moderately critical - Multiple Vulnerabilities - SA-CORE-2019-005
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | Apr 18, 2019 | Apr 18, 2019 | Aug 11, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
Apr 18, 2019
Added
Apr 18, 2019
Modified
Aug 11, 2025
Description
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.
Solutions
drupal-upgrade-8_5_1drupal-upgrade-8_6_1
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.