Vulmon
b3log symphony vulnerabilities and exploits
CVE-2024-23049 | Score: NA | B3log Symphony
An issue in symphony v.3.6.3 and before allows a remote malicious user to execute arbitrary code via the log4j component.

CVE-2019-17488 | CVSSv2: 4.3 | B3log Symphony
b3log Symphony (aka Sym) prior to 3.6.0 has XSS via the HTTP User-Agent header.

CVE-2018-16249 | CVSSv2: 3.5 | B3log Symphony
In Symphony prior to 3.3.0, there is XSS in the Title under Post. The ID "articleTitle" of this is stored in the "articleTitle" JSON field, and executes a payload when accessing the /member/test/points URI, allowing remote attacks. Any Web script or HTML can b...

CVE-2019-9142 | CVSSv2: 4.3 | B3log Symphony
An issue exists in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java.

CVE-2018-10469 | CVSSv2: 7.5 | B3log Symphony 2.6.0
b3log Symphony (aka Sym) 2.6.0 allows remote malicious users to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI.

CVE-2017-16956 | CVSSv2: 4.3 | Symphony Project Symphony 2.2.0
b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title.

CVE-2017-16881 | CVSSv2: 4.3 | Symphony Project Symphony 2.2.0
b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService...

CVE-2017-16821 | CVSSv2: 3.5 | B3log Symphony 2.2.0
b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid.