3 matches found
CVE-2020-25343
CVE-2020-25343 affects Symphony CMS 3.0.0. It describes cross-site scripting (XSS) via the fields['body'] parameter in events\event.publish_article.php, allowing a remote attacker to inject arbitrary web script or HTML. The CVE indicates impact on client-side confidentiality/integrity (via script...
CVE-2020-15071
content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields'name' to appendSubheading...
Cross site scripting
content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields'name' to appendSubheading...