Symphony-cms Symphony Cms — known CVE vulnerabilities
Every CVE whose affected-product data names Symphony-cms Symphony Cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2024-41613 — CVSS 5.4 (medium): A Cross Site Scripting (XSS) vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing…
CVE-2024-41614 — CVSS 4.8 (medium): symphonycms <=2.7.10 is vulnerable to Cross Site Scripting (XSS) in the Comment component for articles.
CVE-2011-4341 — CVSS 4.3 (medium): Multiple SQL injection vulnerabilities in symphony/content/content.publish.php in Symphony CMS 2.2.3 and possibly other versions before…
CVE-2011-4340 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote…