Max CVSS 7.5 Min CVSS 3.5 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2019-11358 4.3
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n
06-04-2022 - 18:07 20-04-2019 - 00:29
CVE-2019-10911 6.0
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functional
29-09-2021 - 16:27 16-05-2019 - 22:29
CVE-2019-10910 7.5
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-inject
29-09-2021 - 16:23 16-05-2019 - 22:29
CVE-2019-10909 3.5
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.
20-04-2021 - 12:53 16-05-2019 - 22:29
Back to Top Mark selected
Back to Top