Every CVE whose affected-product data names B3log Symphony, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2018-10469 — CVSS 9.8 (critical): b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload…
CVE-2024-23049 — CVSS 9.8 (critical): An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component.
CVE-2019-9142 — CVSS 6.1 (medium): An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to…
CVE-2017-16821 — CVSS 5.4 (medium): b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For…
CVE-2018-16249 — CVSS 4.8 (medium): In Symphony before 3.3.0, there is XSS in the Title under Post. The ID "articleTitle" of this is stored in the "articleTitle" JSON field…