Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-31	CVE-2020-25912	XXE vulnerability in Getsymphony Symphony 2.7.10 A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DOS). network low complexity getsymphony CWE-611	6.4
2020-08-11	CVE-2020-15071	Cross-site Scripting vulnerability in Getsymphony Symphony 3.0.0 content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields['name'] to appendSubheading. network getsymphony CWE-79	4.3
2018-06-07	CVE-2018-12043	Cross-site Scripting vulnerability in Getsymphony Symphony 2.7.6 content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page. network getsymphony CWE-79	4.3
2017-05-10	CVE-2017-8876	Cross-site Scripting vulnerability in Getsymphony Symphony CMS 2.6.11 Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php. network getsymphony CWE-79	4.3
2017-04-11	CVE-2017-7694	Code Injection vulnerability in Getsymphony Symphony Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. network low complexity getsymphony CWE-94	6.5
2017-03-27	CVE-2017-6067	Cross-site Scripting vulnerability in Getsymphony Symphony 2.6.9 Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field. network getsymphony CWE-79	4.3
2017-01-20	CVE-2017-5542	Cross-site Scripting vulnerability in Getsymphony Symphony Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter. network getsymphony CWE-79	4.3
2017-01-20	CVE-2017-5541	Path Traversal vulnerability in Getsymphony Symphony Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. network low complexity getsymphony CWE-22	5.0
2016-01-08	CVE-2015-8766	Cross-site Scripting vulnerability in Getsymphony Symphony Multiple cross-site scripting (XSS) vulnerabilities in content/content.systempreferences.php in Symphony CMS before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) email_sendmail[from_name], (2) email_sendmail[from_address], (3) email_smtp[from_name], (4) email_smtp[from_address], (5) email_smtp[host], (6) email_smtp[port], (7) jit_image_manipulation[trusted_external_sites], or (8) maintenance_mode[ip_whitelist] parameters to system/preferences. network getsymphony CWE-79	4.3
2016-01-08	CVE-2015-8376	Cross-site Scripting vulnerability in Getsymphony Symphony 2.6.3 Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Navigation Group, or (3) Label parameter to blueprints/sections/edit/1. network getsymphony CWE-79	4.3