Symphony CMS is susceptible to cross-site scripting (XSS). Lack of sanitization for the name
field to appendSubheading
, allowing an attacker to inject malicious script through it.
CPE | Name | Operator | Version |
---|---|---|---|
symphonycms/symphony-2 | le | 3.0.0 | |
symphonycms/symphony-2 | le | 3.0.0 |