40 matches found
EUVD-2019-0396
Malware in sbrugna...
EUVD-2017-8052
Malware in sbrugna...
EUVD-2017-7996
Malware in sbrugna...
EUVD-2017-8125
Malware in sbrugna...
EUVD-2019-7845
Malware in sbrugna...
CVE-2019-9142
An issue was discovered in b3log Symphony aka Sym before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java...
CVE-2019-17488
b3log Symphony aka Sym before 3.6.0 has XSS via the HTTP User-Agent header...
CVE-2018-10469
b3log Symphony aka Sym 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name parameter to the /upload URI...
CVE-2017-16821
b3log Symphony aka Sym 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid...
CVE-2019-17488
b3log Symphony aka Sym before 3.6.0 has XSS via the HTTP User-Agent header...
CVE-2019-17488
b3log Symphony aka Sym before 3.6.0 has XSS via the HTTP User-Agent header...
CVE-2019-17488
CVE-2019-17488 affects b3log Symphony (Sym) before 3.6.0, where a cross-site scripting (XSS) vulnerability exists via the HTTP User-Agent header. The connected CNVD entry notes the root cause as lack of proper validation of client-side data by the web application, enabling potential client-side c...
CVE-2019-17488
b3log Symphony aka Sym before 3.6.0 has XSS via the HTTP User-Agent header...
b3log Symphony cross-site scripting vulnerability (CNVD-2019-34789)
b3log Symphony Sym is a modern open source community platform written in the Java language. A cross-site scripting vulnerability exists in b3log Symphony versions prior to 3.6.0, which stems from the lack of proper validation of client-side data by the WEB application and can be exploited by an...
b3log Symphony cross-site scripting vulnerability (CNVD-2019-19290)
b3log Symphony Sym is a modern open source community platform written in the Java language. A cross-site scripting vulnerability exists in b3log Symphony versions prior to 3.3.0. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can...
Moderate severity vulnerability that affects org.b3log:symphony
An issue was discovered in b3log Symphony aka Sym before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java...
b3log Symphony cross-site scripting vulnerability (CNVD-2019-05664)
b3log Symphony Sym is a modern open source community platform written in the Java language. A cross-site scripting vulnerability exists in versions of b3log Sym prior to 3.4.7, which can be exploited by remote attackers to inject arbitrary web script or HTML by sending the userIntro and...
CVE-2019-9142
An issue was discovered in b3log Symphony aka Sym before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java...
Code injection
An issue was discovered in b3log Symphony aka Sym before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java...
CVE-2019-9142
An issue was discovered in b3log Symphony aka Sym before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java...