CVE-2024-37156: Symfony Sprintf Html Xss
Provally Curated | Public repository | Medium | Medium confidence | Verified | Apache-2.0 | PHP | β
greprules fetch cve-2024-37156-symfony-sprintf-html-xss --engine opengrep

Description
Unsanitized request input is formatted into an HTML string using sprintf(). This can lead to Cross-Site Scripting (XSS) if the string is subsequently rendered or returned in an HTTP Response without further encoding. Use htmlspecialchars() on user input before placing it into native HTML string templates.
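The pattern this rule flags beside the encoded form it recommends, as an added illustration that is not code from the rule or from Symfony; the function names and the probe input are constructed for the example.

```php
<?php
// Added example: sprintf()-built HTML with request input, unencoded vs. encoded.
// Symfony's Twig templates autoescape by default; a string assembled with
// sprintf() and handed to Response bypasses that, so encoding must be explicit.

declare(strict_types=1);

// Vulnerable shape the rule matches: request-controlled $name is formatted
// straight into markup. In a controller this looks like
//   return new Response(sprintf('<h1>Hello %s</h1>', $request->query->get('name', '')));
function renderGreetingUnsafe(string $name): string
{
    return sprintf('<h1>Hello %s</h1>', $name);
}

// Encode for an HTML text/attribute context before formatting.
// ENT_QUOTES also escapes ' and " so the value is safe inside quoted attributes;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Fixed shape: same template, encoded input.
function renderGreetingSafe(string $name): string
{
    return sprintf('<h1>Hello %s</h1>', escapeHtml($name));
}

// Constructed input: a typical XSS probe as it would arrive in ?name=...
$probe = '<script>alert(1)</script>';

echo renderGreetingUnsafe($probe), PHP_EOL; // markup survives, browser executes it
echo renderGreetingSafe($probe), PHP_EOL;   // markup is entity-encoded, shown as text

// Self-check: the encoded output must not carry the raw tag from the input.
if (str_contains(renderGreetingSafe($probe), '<script>')) {
    throw new RuntimeException('HTML encoding failed');
}
```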