Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2018-16249

In Symphony before 3.3.0, there is XSS in the Title under Post. The ID "articleTitle" of this is stored in the "articleTitle" JSON field, and executes a payload when accessing the /member/test/points URI, allowing remote attacks. Any Web script or HTML can be inserted by an admin-authenticated user via a crafted web site name.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.3%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
Products affected by CVE-2018-16249
  • B3log » Symphony » Version: 0.2.5
    cpe:2.3:a:b3log:symphony:0.2.5
  • B3log » Symphony » Version: 1.0.0
    cpe:2.3:a:b3log:symphony:1.0.0
  • B3log » Symphony » Version: 1.3.0
    cpe:2.3:a:b3log:symphony:1.3.0
  • B3log » Symphony » Version: 1.4.0
    cpe:2.3:a:b3log:symphony:1.4.0
  • B3log » Symphony » Version: 1.5.0
    cpe:2.3:a:b3log:symphony:1.5.0
  • B3log » Symphony » Version: 1.6.0
    cpe:2.3:a:b3log:symphony:1.6.0
  • B3log » Symphony » Version: 1.7.0
    cpe:2.3:a:b3log:symphony:1.7.0
  • B3log » Symphony » Version: 1.8.0
    cpe:2.3:a:b3log:symphony:1.8.0
  • B3log » Symphony » Version: 1.9.0
    cpe:2.3:a:b3log:symphony:1.9.0
  • B3log » Symphony » Version: 2.0.0
    cpe:2.3:a:b3log:symphony:2.0.0
  • B3log » Symphony » Version: 2.1.0
    cpe:2.3:a:b3log:symphony:2.1.0
  • B3log » Symphony » Version: 2.2.0
    cpe:2.3:a:b3log:symphony:2.2.0
  • B3log » Symphony » Version: 2.3.0
    cpe:2.3:a:b3log:symphony:2.3.0
  • B3log » Symphony » Version: 2.4.0
    cpe:2.3:a:b3log:symphony:2.4.0
  • B3log » Symphony » Version: 2.5.0
    cpe:2.3:a:b3log:symphony:2.5.0
  • B3log » Symphony » Version: 2.6.0
    cpe:2.3:a:b3log:symphony:2.6.0
  • B3log » Symphony » Version: 2.7.0
    cpe:2.3:a:b3log:symphony:2.7.0
  • B3log » Symphony » Version: 2.8.0
    cpe:2.3:a:b3log:symphony:2.8.0
  • B3log » Symphony » Version: 3.0.0
    cpe:2.3:a:b3log:symphony:3.0.0
  • B3log » Symphony » Version: 3.1.0
    cpe:2.3:a:b3log:symphony:3.1.0
  • B3log » Symphony » Version: 3.2.0
    cpe:2.3:a:b3log:symphony:3.2.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved