Getsymphony: Security Vulnerabilities
An XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DoS).
CVSS Score: 9.1
EPSS Score: 0.003
Published: 2021-10-31
Cross-site scripting (XSS) vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject arbitrary web script or HTML into the fields['body'] parameter via events\event.publish_article.php.
CVSS Score: 5.4
EPSS Score: 0.001
Published: 2020-10-07
content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields['name'] to appendSubheading.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2020-08-11
content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2018-06-07
Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2017-05-10
Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the datasource editor or event editor.
CVSS Score: 8.8
EPSS Score: 0.058
Published: 2017-04-11
Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2017-03-27
Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters.
CVSS Score: 5.3
EPSS Score: 0.013
Published: 2017-01-20
Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2017-01-20
Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter.
CVSS Score: 7.5
EPSS Score: 0.219
Published: 2016-06-30

