Cross-Site Scripting (XSS)

2020-08-1123:13:03

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

37.5%

JSON

Symphony CMS is susceptible to cross-site scripting (XSS). Lack of sanitization for the name field to appendSubheading, allowing an attacker to inject malicious script through it.

CPENameOperatorVersion
symphonycms/symphony-2le3.0.0
symphonycms/symphony-2le3.0.0

CPE	Name	Operator	Version
	symphonycms/symphony-2	le	3.0.0
	symphonycms/symphony-2	le	3.0.0

References

github.com/symphonycms/symphonycms/blob/master/symphony/content/content.blueprintsevents.php#L137

github.com/symphonycms/symphonycms/issues/2917

0.001 Low

EPSS

Percentile

37.5%

JSON

Related for VERACODE:26318