Vulnerabilities > B3Log > Symphony > 1.0.0

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2024-23049 | Command Injection vulnerability in B3Log Symphony. An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component. | network, low complexity, b3log CWE-77, critical, 9.8 |
| 2019-10-10 | CVE-2019-17488 | Cross-site Scripting vulnerability in B3Log Symphony. b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header. | network, b3log CWE-79, 4.3 |
| 2019-06-20 | CVE-2018-16249 | Cross-site Scripting vulnerability in B3Log Symphony. In Symphony before 3.3.0, there is XSS in the Title under Post. | network, b3log CWE-79, 3.5 |
| 2019-02-25 | CVE-2019-9142 | Cross-site Scripting vulnerability in B3Log Symphony. An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. | network, b3log CWE-79, 4.3 |