4 matches found
CVE-2020-15071
content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields'name' to appendSubheading...
Symphony CMS <= 3.0.0 XSS Vulnerabilities
Symphony CMS is prone to multiple cross-site scripting XSS vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...
CVE-2020-15071
content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields'name' to appendSubheading...
CVE-2020-15071
Symphony CMS 3.0.0 contains a Cross-Site Scripting (XSS) vulnerability in content/content.blueprintsevents.php where the name field used by appendSubheading is not properly sanitized, enabling injected scripts. Affected component: Symphony CMS 3.0.0; root cause: lack of input sanitization for fie...