6 matches found
EUVD-2020-9358
Malware in sbrugna...
CVE-2024-23049
An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component...
CVE-2017-16821
b3log Symphony aka Sym 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid...
Open Redirect
symphony/symphony is vulnerable to open redirect. The vulnerability exists because of an incomplete fix for CVE-2017-16652 which is caused when security.httputils is inlined by a container...
Symphony cross-site scripting vulnerability (CNVD-2018-11373)
Symphony is a content management system (CMS) developed using PHP and MySQL. The system supports search engine optimization, module extensions and more. A cross-site scripting vulnerability exists in the content/content.blueprintspages.php file in Symphony version 2.7.6. A remote attacker can explo...
CVE-2017-16881
b3log Symphony aka Sym 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java,...