4 matches found
CVE-2024-41613
CVE-2024-41613 represents a documented XSS in Symphony CMS 2.7.10, where an attacker can inject arbitrary script/HTML by editing a note. The affected software is Symphony CMS (version 2.7.10); the entry describes the vulnerability as a cross-site scripting issue impacting note editing. The Red Ha...
CVE-2024-41614
Symphony CMS versions
CVE-2011-4341
Symphony CMS 2.2.3 (and possibly earlier 2.2.x) contains multiple SQL injection vulnerabilities in content.publish.php (filter parameter) that can be exploited by remote authenticated users with Author permissions to execute arbitrary SQL against (1) symphony/publish/comments or (2) symphony/publ...
CVE-2011-4340
Symphony CMS CVE-2011-4340 affects Symphony CMS 2.2.3 and potentially earlier versions up to just before 2.2.4. The vulnerability is due to cross-site scripting (XSS) in two areas: (1) profile parameter handling in extensions/profiledevkit/content/content.profile.php (triggered via default URI, a...