Vulnerability Details CVE-2020-25343
Cross-site scripting (XSS) vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject arbitrary web script or HTML to fields['body'] param via events\event.publish_article.php
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.1%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
Products affected by CVE-2020-25343
-
cpe:2.3:a:getsymphony:symphony:3.0.0