getsymphony symphony

29 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-23049
<= 3.6.3
An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component.
9.8 CRITICAL
CVE-2020-25912
all versions
An XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can
9.1 CRITICAL
CVE-2020-25343
all versions
Cross-site scripting (XSS) vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject arbitrary web script or HTML to
5.4 MEDIUM
CVE-2020-17405
all versions
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Senstar Symphony 7.3.2
8.8 HIGH
CVE-2020-15071
all versions
content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields['name'] to appendSubheading.
6.1 MEDIUM
CVE-2019-17488
< 3.6.0
b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header.
6.1 MEDIUM
CVE-2018-16249
< 3.3.0
In Symphony before 3.3.0, there is XSS in the Title under Post. The ID "articleTitle" of this is stored in the "articleTitle" JSON
4.8 MEDIUM
CVE-2019-9142
< 3.4.7
An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to process
6.1 MEDIUM
CVE-2018-12043
all versions
content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page.
6.1 MEDIUM
CVE-2018-10469
all versions
b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /
9.8 CRITICAL
CVE-2017-16956
all versions
b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private
6.1 MEDIUM
CVE-2017-16881
all versions
b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to
6.1 MEDIUM
CVE-2017-16821
all versions
b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwa
5.4 MEDIUM
CVE-2017-8876
all versions
Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php.
6.1 MEDIUM
CVE-2017-7694
<= 2.6.11
Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows re
8.8 HIGH
CVE-2017-6067
all versions
Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field.
6.1 MEDIUM
CVE-2017-5542
<= 2.6.9
Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote a
6.1 MEDIUM
CVE-2017-5541
<= 2.6.9
Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attacker
5.3 MEDIUM
CVE-2016-4309
all versions
Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack
7.5 HIGH
CVE-2015-8766
<= 2.6.3
Multiple cross-site scripting (XSS) vulnerabilities in content/content.systempreferences.php in Symphony CMS before 2.6.4 allow re
6.1 MEDIUM
CVE-2015-8376
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.6.3 allow remote attackers to inject arbitrary web script or
6.1 MEDIUM
CVE-2015-4661
<= 2.6.2
Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via
CVE-2013-7346
<= 2.3.1
Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication
CVE-2013-2559
<= 2.3.1
SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via t
CVE-2010-3458
all versions
SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote attackers to exe
CVE-2010-3457
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrary web
CVE-2010-2143
all versions
Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 allows remote attackers to read arbitrary files and possibly
CVE-2008-3592
<= 1.7.01
Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier all
CVE-2008-3591
<= 1.7.01
SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to exe
threatengine.sh