CVE-2017-16956
Affected product: b3log Symphony (Sym) 2.2.0. Vulnerability: Cross-site scripting in the private messaging flow, exploited by sending a private letter with a specific /article URI followed by a second private letter with a modified title to obtain a user cookie. Root cause / impact: XSS issue ena...