Lucene search
K
B3logSymphony

6 matches found

CVE
CVE
added 2024/02/05 12:0 a.m.223 views

CVE-2024-23049

CVE-2024-23049 affects Symphony (v3.6.3 and earlier). The vulnerability enables remote code execution via the log4j component, with impact on confidentiality, integrity, and availability reported as High. Affected is Symphony’s log4j handling; root cause details are not fully enumerated in the pr...

9.8CVSS9.6AI score0.01169EPSS
CVE
CVE
added 2019/10/10 8:18 p.m.111 views

CVE-2019-17488

CVE-2019-17488 affects b3log Symphony (Sym) before 3.6.0, where a cross-site scripting (XSS) vulnerability exists via the HTTP User-Agent header. The connected CNVD entry notes the root cause as lack of proper validation of client-side data by the web application, enabling potential client-side c...

6.1CVSS6AI score0.00818EPSS
CVE
CVE
added 2019/06/20 1:54 p.m.96 views

CVE-2018-16249

Symphony (before 3.3.0) is affected by a stored XSS in the articleTitle field of the Title under Post. An admin-authenticated user can insert arbitrary HTML/JS via a crafted site name, triggering payload execution when accessing /member/test/points. The vulnerability stems from how the articleTit...

4.8CVSS4.8AI score0.00534EPSS
Web
CVE
CVE
added 2017/11/15 3:0 a.m.59 views

CVE-2017-16821

Vulnerability : b3log Symphony 2.2.0 is affected by an XSS in processor/AdminProcessor.java within the admin console, triggered by a crafted X-Forwarded-For header that is mishandled when displaying a client IP at /admin/user/userid. Impact : potential XSS in the admin interface as described. Rem...

5.4CVSS5.2AI score0.00479EPSS
Web
CVE
CVE
added 2018/04/27 4:0 a.m.52 views

CVE-2018-10469

CVE-2018-10469 affects b3log Symphony (Sym) 2.6.0. A remote attacker can upload and execute arbitrary JSP files by sending the name[] parameter to the /upload URI, enabling remote code execution with partial to high impact as per the CVE description. No explicit remediation/patch details are prov...

9.8CVSS9.6AI score0.02157EPSS
CVE
CVE
added 2019/02/25 3:0 p.m.51 views

CVE-2019-9142

The CVE-2019-9142 issue affects b3log Symphony (Sym) prior to v3.4.7. The vulnerability is an XSS flaw exposed via userIntro and userNickname fields in processor/SettingsProcessor.java. Connections across multiple sources confirm the root cause is input handling in SettingsProcessor.java, leading...

6.1CVSS5.9AI score0.00802EPSS
Web