symphonycms/symphony-2 is vulnerable to cross-site scripting (XSS) attacks. A flaw in the template/usererror.missing_extension.php
allows attackers to inject script through the existing-folder parameter.
CPE | Name | Operator | Version |
---|---|---|---|
symphonycms/symphony-2 | le | 2.6.9 |