UX
by Sensiolabs
Source repositories
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-47946 | | Med | 0.33 | 6.1 | 0.00 | | May 19, 2025 | Symfony UX is an initiative and set of libraries to integrate JavaScript tools into applications. Prior to version 2.25.1, rendering `{{ attributes }}` or using any method that returns a `ComponentAttributes` instance (e.g. `only()`, `defaults()`, `without()`) outputs attribute… |
| CVE-2026-55877 | | | 0.00 | — | — | | Jun 19, 2026 | The `ux_icon()` Twig function is marked `is_safe=['html']`, so Twig never escapes its output. `Icon::toHtml()` inlines the SVG source verbatim into the page. Browsers execute `` elements and `on*` event-handler attributes found inside inline SVG, making… |