Vulnerabilities > B3Log > Symphony > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-20 | CVE-2018-16249 | Cross-site Scripting vulnerability in B3Log Symphony In Symphony before 3.3.0, there is XSS in the Title under Post. | 3.5 |
2017-11-15 | CVE-2017-16821 | Cross-site Scripting vulnerability in B3Log Symphony 2.2.0 b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid. | 3.5 |