14 matches found
CVE-2024-41614
symphonycms =2.7.10 is vulnerable to Cross Site Scripting (XSS) in the Comment component for articles...
CVE-2024-41614
symphonycms =2.7.10 is vulnerable to Cross Site Scripting (XSS) in the Comment component for articles...
CVE-2024-41614
Symphony CMS versions
CVE-2024-41614
symphonycms =2.7.10 is vulnerable to Cross Site Scripting (XSS) in the Comment component for articles...
CVE-2024-41614
symphonycms =2.7.10 is vulnerable to Cross Site Scripting (XSS) in the Comment component for articles...
Cross-site Scripting (XSS)
symphonycms/symphony-2 is vulnerable to cross-site scripting. An attacker is able to inject and execute malicious script or HTML into the fields['body'] param via events\event.publisharticle.php when a user visits the page...
Session Fixation
symphonycms/symphony-2 is vulnerable to session fixation. The vulnerability exists as it does not regenerate the user's PHPSESSID cookie value upon a successful authentication. If a user's PHPSESSID cookie value can be modified by means of application logic or another vulnerability, an attacker...
SymphonyCMS 3.0.0 - Persistent Cross-Site Scripting
Exploit Title: SymphonyCMS 3.0.0 - Persistent Cross-Site Scripting Google Dork: "lepton cms" Date: 2020-08-28 Exploit Author: SunCSR (Sun Cyber Security Research) Vendor Homepage: https://www.getsymphony.com/ Software Link: https://www.getsymphony.com/ Version: 3.0.0 Tested on: Windows CVE : N/A...
Cross-site Scripting (XSS)
symphonycms/symphony-2 is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization of the page title parameter, allowing self-XSS attacks to occur...
Cross-site Scripting (XSS)
symphonycms/symphony-2 is vulnerable to cross-site scripting (XSS) attacks. The application does not properly sanitize multiple parameters in the symphony/content/content.publish.php file. This allows an authenticated malicious user to inject and execute arbitrary web script...
Cross-site Scripting (XSS)
symphonycms/symphony-2 is vulnerable to cross-site scripting (XSS) attacks. Attackers are able to inject web script through the following parameters in content/content.systempreferences.php: emailsendmailfromname, emailsendmailfromaddress, emailsmtpfromname, emailsmtpfromaddress, emailsmtphost,...
Cross-site Scripting (XSS)
symphonycms/symphony-2 is vulnerable to cross-site scripting (XSS) attacks. A flaw in template/usererror.missingextension.php allows attackers to inject script through the existing-folder parameter...
Cross-site Scripting (XSS)
symphonycms/symphony-2 is vulnerable to cross-site scripting (XSS) attacks. The attacks are possible because the user-supplied section's name and navigation group input parameters in content/content.blueprintssections.php are not properly sanitized...
Remote Code Execution (RCE)
symphonycms/symphony-2 is vulnerable to remote code execution (RCE). This is due to a lack of sanitization on user input strings, allowing a malicious user to inject and execute arbitrary script through symphony/content/content.blueprintsdatasources.php...