Vulnerabilities > B3Log > Symphony > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-10-10 CVE-2019-17488 Cross-site Scripting vulnerability in B3Log Symphony
b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header.
network
b3log CWE-79
4.3
4.3
2019-02-25 CVE-2019-9142 Cross-site Scripting vulnerability in B3Log Symphony
An issue was discovered in b3log Symphony (aka Sym) before v3.4.7.
network
b3log CWE-79
4.3
4.3