CVE-2026-45753
LOW SEVERITY
Vulnerability Description
Symfony's HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — `javascript:` URI Survives Sanitization (XSS)
Vulnerability Details
Published Date
Last Modified
Source
GitHub
Vendor
composer
Product
symfony/html-sanitizer
External References
- https://github.com/symfony/symfony/security/advisories/GHSA-hhg7-c65m-h7ff
- https://github.com/symfony/symfony/commit/26a598fcfc4f903cc55ff202f642ee621839825e
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/html-sanitizer/CVE-2026-45753.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45753.yaml
- https://symfony.com/cve-2026-45753
- https://github.com/advisories/GHSA-hhg7-c65m-h7ff