Vulnerabilities > Sensiolabs > Symfony > 2.8.50
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-05-16 | CVE-2019-10910 | SQL Injection vulnerability in multiple products In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. | 9.8 |
2019-05-16 | CVE-2019-10909 | Cross-site Scripting vulnerability in multiple products In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. | 5.4 |