b3log Symphony cross-site scripting vulnerability (CNVD-2019-05664)

b3log Symphony Sym is a modern open source community platform written in the Java language. A cross-site scripting vulnerability exists in versions of b3log Sym prior to 3.4.7, which can be exploited by remote attackers to inject arbitrary web script or HTML by sending the userIntro and...

CVE-2019-9142

An issue was discovered in b3log Symphony aka Sym before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java...