CVE-2020-25343

2020-10-0714:15:11

Google

osv.dev

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.6%

JSON

Cross-site scripting (XSS) vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject arbitrary web script or HTML to fields[‘body’] param via events\event.publish_article.php

CPENameOperatorVersion
symphonycmseq2.7.2
symphonycmseq2.7.5
symphonycmseq2.3.2RC2
symphonycmseq2.6.1
symphonycmseq2.5.2
symphonycmseq2.2.3
symphonycmseq2.3.6
symphonycmseq2.6.0-beta.1
symphonycmseq2.0.4
symphonycmseq2.4beta2

Name	Operator	Version
symphonycms	eq	2.7.2
symphonycms	eq	2.7.5
symphonycms	eq	2.3.2RC2
symphonycms	eq	2.6.1
symphonycms	eq	2.5.2
symphonycms	eq	2.2.3
symphonycms	eq	2.3.6
symphonycms	eq	2.6.0-beta.1
symphonycms	eq	2.0.4
symphonycms	eq	2.4beta2