Vulmon
b3log symphony vulnerabilities and exploits
CVE-2024-23049 (CVSSv3 9.8; affected product: B3log Symphony)
An issue in symphony v.3.6.3 and before allows a remote malicious user to execute arbitrary code via the log4j component.

CVE-2018-10469 (CVSSv3 9.8; affected product: B3log Symphony 2.6.0)
b3log Symphony (aka Sym) 2.6.0 allows remote malicious users to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI.

CVE-2019-17488 (CVSSv3 6.1; affected product: B3log Symphony)
b3log Symphony (aka Sym) prior to 3.6.0 has XSS via the HTTP User-Agent header.

CVE-2019-9142 (CVSSv3 6.1; affected product: B3log Symphony)
An issue exists in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java.

CVE-2017-16956 (CVSSv3 6.1; affected product: Symphony Project Symphony 2.2.0)
b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title.

CVE-2017-16881 (CVSSv3 6.1; affected product: Symphony Project Symphony 2.2.0)
b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService...

CVE-2017-16821 (CVSSv3 5.4; affected product: B3log Symphony 2.2.0)
b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid.

CVE-2018-16249 (CVSSv3 4.8; affected product: B3log Symphony)
In Symphony prior to 3.3.0, there is XSS in the Title under Post. The ID "articleTitle" of this is stored in the "articleTitle" JSON field, and executes a payload when accessing the /member/test/points URI, allowing remote attacks. Any Web script or HTML can b...