symphonycms/symphony-2 is vulnerable to cross-site scripting (XSS) attacks. The attacks are possible because the user-supplied section’s name and navigation group input parameters in content/content.blueprintssections.php
are not properly sanitized.
CPE | Name | Operator | Version |
---|---|---|---|
symphonycms/symphony-2 | eq | 2.6.11 |