Vulmon
b3log symphony vulnerabilities and exploits
NA
CVE-2024-23049
An issue in symphony v.3.6.3 and before allows a remote malicious user to execute arbitrary code via the log4j component.
B3log Symphony
383
VMScore
CVE-2019-17488
b3log Symphony (aka Sym) prior to 3.6.0 has XSS via the HTTP User-Agent header.
B3log Symphony
312
VMScore
CVE-2018-16249
In Symphony prior to 3.3.0, there is XSS in the Title under Post. The ID "articleTitle" of this is stored in the "articleTitle" JSON field, and executes a payload when accessing the /member/test/points URI, allowing remote attacks. Any Web script or HTML can b...
B3log Symphony
383
VMScore
CVE-2019-9142
An issue exists in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java.
B3log Symphony
668
VMScore
CVE-2018-10469
b3log Symphony (aka Sym) 2.6.0 allows remote malicious users to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI.
B3log Symphony 2.6.0
383
VMScore
CVE-2017-16956
b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title.
Symphony Project Symphony 2.2.0
383
VMScore
CVE-2017-16881
b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService...
Symphony Project Symphony 2.2.0
312
VMScore
CVE-2017-16821
b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid.
B3log Symphony 2.2.0