CVE-2019-9142

CVSS v3.0 6.1 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 0.08 % (35^th)

Affected Products 1

Advisories 1

An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java.

Weaknesses

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2019-02-25 15:29:00
(5 years ago)
Updated Date: 2019-02-25 19:15:33
(5 years ago)

Affected Products

B3log

Symphony

Configuration #1

		CPE23	From	Up To
	B3log Symphony prior 3.4.7 version	cpe:2.3:a:b3log:symphony		< 3.4.7