Security Advisories - PKSA-q7f1-2s55-5c1z - Packagist.org

PKSA-q7f1-2s55-5c1z Security Advisory

symfony/ux-autocomplete XSS via unescaped AJAX response data

PKSA-q7f1-2s55-5c1z CVE-2026-49216

Affected package: symfony/ux-autocomplete

Affected version: >=2.2.0,<2.36.0|>=3.0.0,<3.1.0

Reported by:
FriendsOfPHP/security-advisories