3 matches found
CVE-2019-17488
CVE-2019-17488 affects b3log Symphony (Sym) before 3.6.0, where a cross-site scripting (XSS) vulnerability exists via the HTTP User-Agent header. The connected CNVD entry notes the root cause as lack of proper validation of client-side data by the web application, enabling potential client-side c...
CVE-2018-16249
Symphony (before 3.3.0) is affected by a stored XSS in the articleTitle field of the Title under Post. An admin-authenticated user can insert arbitrary HTML/JS via a crafted site name, triggering payload execution when accessing /member/test/points. The vulnerability stems from how the articleTit...
CVE-2019-9142
The CVE-2019-9142 issue affects b3log Symphony (Sym) prior to v3.4.7. The vulnerability is an XSS flaw exposed via userIntro and userNickname fields in processor/SettingsProcessor.java. Connections across multiple sources confirm the root cause is input handling in SettingsProcessor.java, leading...