3 matches found
CVE-2017-16956
b3log Symphony aka Sym 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title...
CVE-2017-16956
b3log Symphony aka Sym 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title...
Design/Logic Flaw
b3log Symphony aka Sym 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid...