CVE-2026-45072
LOW SEVERITY
Vulnerability Description
Symfony Vulnerable to stored XSS in WebProfiler CodeExtension::fileExcerpt() — Unescaped Non-PHP File Rendering
Vulnerability Details
Published Date
Last Modified
Source
GitHub
Vendor
composer
Product
symfony/symfony
External References
- https://github.com/symfony/symfony/security/advisories/GHSA-hmr5-2xcr-v8pp
- https://github.com/symfony/symfony/commit/863aa81c61166f1aa74b7732df316f76113acbdb
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45072.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/twig-bridge/CVE-2026-45072.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/web-profiler-bundle/CVE-2026-45072.yaml
- https://symfony.com/cve-2026-45072
- https://github.com/advisories/GHSA-hmr5-2xcr-v8pp