6 matches found
CVE-2018-12043
content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page...
EUVD-2017-15135
Malware in sbrugna...
EUVD-2024-20574
Malicious code in bioql PyPI...
CVE-2018-16249
In Symphony before 3.3.0, there is XSS in the Title under Post. The ID "articleTitle" of this is stored in the "articleTitle" JSON field, and executes a payload when accessing the /member/test/points URI, allowing remote attacks. Any Web script or HTML can be inserted by an admin-authenticated us...
CVE-2024-23049
An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component...
CVE-2017-8876
CVE-2017-8876 affects Symphony CMS v2.6.11, where an XSS flaw exists in the user-controlled input of the meta[navigation_group] parameter handled by content/content.blueprintssections.php. The vulnerability enables injection of script/HTML in affected pages, consistent with cross-site scripting d...