Vulnerabilities > B3Log > Symphony > Low

DATE CVE VULNERABILITY TITLE RISK
2019-06-20 CVE-2018-16249 Cross-site Scripting vulnerability in B3Log Symphony
In Symphony before 3.3.0, there is XSS in the Title under Post.
network
b3log CWE-79
3.5
2017-11-15 CVE-2017-16821 Cross-site Scripting vulnerability in B3Log Symphony 2.2.0
b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid.
network
b3log CWE-79
3.5