Known Vulnerabilities for products from Getsymphony

Listed below are 18 of the newest known vulnerabilities associated with the vendor "Getsymphony".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2020-25912 json	A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 whic...	9.1 - CRITICAL	2021-10-31	2021-11-02
CVE-2020-25343 json	Cross-site scripting (XSS) vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject arbitrary web script or HTM...	5.4 - MEDIUM	2020-10-07	2020-10-14
CVE-2020-15071 json	content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields['name'] to appendSubheading.	6.1 - MEDIUM	2020-08-11	2020-08-25
CVE-2018-12043 json	content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page.	6.1 - MEDIUM	2018-06-07	2018-07-12
CVE-2017-8876 json	Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php.	6.1 - MEDIUM	2017-05-10	2020-08-25
CVE-2017-7694 json	Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allo...	8.8 - HIGH	2017-04-11	2020-08-25
CVE-2017-6067 json	Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field.	6.1 - MEDIUM	2017-03-27	2020-08-25
CVE-2017-5542 json	Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows rem...	6.1 - MEDIUM	2017-01-20	2020-08-25
CVE-2017-5541 json	Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote att...	5.3 - MEDIUM	2017-01-20	2020-08-25
CVE-2016-4309 json	Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to h...	7.5 - HIGH	2016-06-30	2020-08-27
CVE-2015-8766 json	Multiple cross-site scripting (XSS) vulnerabilities in content/content.systempreferences.php in Symphony CMS before 2.6.4 all...	6.1 - MEDIUM	2016-01-08	2020-10-29
CVE-2015-8376 json	Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.6.3 allow remote attackers to inject arbitrary web scri...	6.1 - MEDIUM	2016-01-08	2020-08-25
CVE-2015-4661 json	Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML...	4.3 - MEDIUM	2015-06-18	2020-08-25
CVE-2013-7346 json	Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentica...	6.8 - MEDIUM	2014-03-27	2020-08-25
CVE-2013-2559 json	SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands ...	6.5 - MEDIUM	2014-03-27	2020-08-25
CVE-2010-3458 json	SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote attackers t...	Not Provided	2010-09-17	2026-04-29
CVE-2010-3457 json	Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrar...	Not Provided	2010-09-17	2026-04-29
CVE-2010-2143 json	Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 allows remote attackers to read arbitrary files and poss...	Not Provided	2010-06-03	2026-04-29

Known software with vulnerabilities from Getsymphony

Type	Vendor	Product	Version
Application	Getsymphony	Symphony	2.0
Application	Getsymphony	Symphony Cms	2.0