pkg:Packagist/symfony/html-sanitizer

3 CVEs in total

✅ Check your version

All known vulnerabilities

  • CVE-2026-45066: Symfony has an HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification
    >= 6.1.0, < 6.4.40
  • CVE-2026-45064: Symfony's HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing
    >= 6.1.0, < 6.4.40
  • CVE-2026-45753: Symfony's HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — `javascript:` URI Survives Sanitization (XSS)
    >= 6.1.0, < 6.4.40