Symphonycms Symphony-2 vulnerabilities
2 known vulnerabilities affecting symphonycms/symphony-2.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: MEDIUM 1, LOW 1
Vulnerabilities
CVE-2011-4340 | P4 | LOW | PoC | ≥ 0, < 2.2.4 | 2022-05-17
CVE-2011-4340 [LOW] CWE-79 Symphony CMS vulnerable to Cross-site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author privileges to inject arbitrary web script or HTML via (1) the profile parameter to extensions/profiledevkit/content/content.profile.php, as demonstrated via requests to (a) the default URI, (b) about/, or (c) drafts/
ghsa, osv
CVE-2015-8766 | P4 | MEDIUM | ≥ 0, < 2.6.4 | 2022-05-13
CVE-2015-8766 [MEDIUM] CWE-79 Symphony CMS XSS Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in `content/content.systempreferences.php` in Symphony CMS before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) `email_sendmail[from_name]`, (2) `email_sendmail[from_address]`, (3) `email_smtp[from_name]`, (4) `email_smtp[from_address]`, (5) `email_smtp[host]`, (6) `email_smtp[port]`, (7) `jit_image_manipulation[tru
ghsa, osv