Known Vulnerabilities for products from B3log
Listed below are 14 of the newest known vulnerabilities associated with the vendor "B3log".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33670 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to travers... | Not Provided | 2026-03-26 | 2026-03-30 |
| CVE-2026-33669 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readD... | Not Provided | 2026-03-26 | 2026-03-30 |
| CVE-2022-0350 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2022-03-31 | 2023-03-07 |
| CVE-2022-0341 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2022-03-14 | 2022-03-18 |
| CVE-2021-32855 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2023-02-21 | 2023-03-02 |
| CVE-2021-4103 | Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34. | 5.4 - MEDIUM | 2022-01-23 | 2022-01-27 |
| CVE-2019-17488 | b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header. | 6.1 - MEDIUM | 2019-10-10 | 2019-10-15 |
| CVE-2019-13915 | b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. First, the attacker can write code in the ed... | 7.5 - HIGH | 2019-07-18 | 2020-08-24 |
| CVE-2019-9142 | An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to pr... | 6.1 - MEDIUM | 2019-02-25 | 2019-02-25 |
| CVE-2018-16805 | In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddress stored in the link JSON... | 4.8 - MEDIUM | 2018-09-10 | 2018-11-09 |
| CVE-2018-16249 | In Symphony before 3.3.0, there is XSS in the Title under Post. The ID "articleTitle" of this is stored in the "articleTitle"... | 4.8 - MEDIUM | 2019-06-20 | 2019-06-21 |
| CVE-2018-16248 | b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles" menu with an ID of "articleTags" stored in the "tag" ... | 6.1 - MEDIUM | 2019-06-20 | 2019-06-21 |
| CVE-2018-10469 | b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to ... | 9.8 - CRITICAL | 2018-04-27 | 2018-06-04 |
| CVE-2017-16821 | b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-... | 5.4 - MEDIUM | 2017-11-15 | 2020-07-28 |