Vulnerabilities > B3Log > Symphony
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2024-23049 | Command Injection vulnerability in B3Log Symphony An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component. | 9.8 |
| 2019-10-10 | CVE-2019-17488 | Cross-site Scripting vulnerability in B3Log Symphony b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header. | 4.3 |
| 2019-06-20 | CVE-2018-16249 | Cross-site Scripting vulnerability in B3Log Symphony In Symphony before 3.3.0, there is XSS in the Title under Post. | 3.5 |
| 2019-02-25 | CVE-2019-9142 | Cross-site Scripting vulnerability in B3Log Symphony An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. | 4.3 |
| 2018-04-27 | CVE-2018-10469 | Unrestricted Upload of File with Dangerous Type vulnerability in B3Log Symphony 2.6.0 b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI. | 7.5 |
| 2017-11-15 | CVE-2017-16821 | Cross-site Scripting vulnerability in B3Log Symphony 2.2.0 b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid. | 3.5 |