Vulnerability CVE-2018-12043


Published: 2018-06-07

Description:
content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

Vendor: Getsymphony
Product: Symphony 
Version: 2.7.6;

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
https://github.com/symphonycms/symphony-2/commit/1ace6b31867cc83267b3550686271c9c65ac3ec0

Related CVE
CVE-2017-8876
Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php.
CVE-2017-7694
Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP co...
CVE-2017-6067
Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field.
CVE-2017-6006
Symphony 2.6.11 has XSS in publish/articles/new/ via the Body field.

Copyright 2018, cxsecurity.com

 

Back to Top