VIR Vulnerability Intelligence Relay

Package impact

php Packagist / symfony/html-sanitizer

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-45064 medium 5.5 8d ago Symfony's HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing debianphp
CVE-2026-45066 medium 5.5 8d ago Symfony has an HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification debianphp
CVE-2026-48760 unknown 2d ago CVE-2026-48760: HtmlSanitizer URL Parser Deny Gates Underinclusive: Percent-Encoded BiDi Marks and Unicode Whitespace Bypass Visual-Spoofing Defense debianphp
CVE-2026-48761 unknown 2d ago CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content debianphp
CVE-2026-45753 unknown 8d ago CVE-2026-45753: HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite: javascript: URI Survives Sanitization (XSS) debianphp