RSS   Vulnerabilities for 'Symphony'   RSS

2019-10-10
 
CVE-2019-17488

CWE-79
 

 
b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header.

 
2019-06-20
 
CVE-2018-16249

CWE-79
 

 
In Symphony before 3.3.0, there is XSS in the Title under Post. The ID "articleTitle" of this is stored in the "articleTitle" JSON field, and executes a payload when accessing the /member/test/points URI, allowing remote attacks. Any Web script or HTML can be inserted by an admin-authenticated user via a crafted web site name.

 
2019-02-25
 
CVE-2019-9142

CWE-79
 

 
An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java.

 
2018-04-27
 
CVE-2018-10469

CWE-434
 

 
b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI.

 

 >>> Vendor: B3log 4 Products
Symphony
SOLO
WIDE
Vditor


Copyright 2022, cxsecurity.com

 

Back to Top