Vulnerabilities > Symphony Project

DATE	CVE	VULNERABILITY TITLE	RISK
2017-11-27	CVE-2017-16956	Cross-site Scripting vulnerability in Symphony Project Symphony 2.2.0 b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title. network low complexity symphony-project CWE-79	6.1
2017-11-18	CVE-2017-16881	Cross-site Scripting vulnerability in Symphony Project Symphony 2.2.0 b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java, service/AvatarQueryService.java, and service/CommentQueryService.java. network low complexity symphony-project CWE-79	6.1

Vulnerabilities > Symphony Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Symphony Project"}]}