Symphony Security Vulnerabilities and Issues — Symphony CVE List

Lucene search

B3logSymphony

3 matches found

CVE•added 2019/10/10 9:15 p.m.•98 views

CVE-2019-17488

b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header.

6.1CVSS6AI score0.0024EPSS

CVE•added 2019/06/20 2:15 p.m.•85 views

CVE-2018-16249

In Symphony before 3.3.0, there is XSS in the Title under Post. The ID "articleTitle" of this is stored in the "articleTitle" JSON field, and executes a payload when accessing the /member/test/points URI, allowing remote attacks. Any Web script or HTML can be inserted by an admin-authenticated user...

4.8CVSS4.8AI score0.00446EPSS

CVE•added 2019/02/25 3:29 p.m.•39 views

CVE-2019-9142

An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java.

6.1CVSS5.9AI score0.0024EPSS