symphonycms/symphony-2 is vulnerable to cross-site scripting. An attacker is able to inject and execute malicious script or HTML into the fields['body']
param via events\event.publish_article.php
when a user visits the page.
CPE | Name | Operator | Version |
---|---|---|---|
symphonycms/symphony-2 | eq | 3.0.0 |