An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java.
{
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed_at": "2020-06-16T22:03:21Z",
"github_reviewed": true,
"nvd_published_at": null
}