Symphony Project Symphony — known CVE vulnerabilities
Every CVE whose affected-product data names Symphony Project Symphony, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2017-16881 — CVSS 6.1 (medium): b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to…
CVE-2017-16956 — CVSS 6.1 (medium): b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter…