CVE-2020-15071

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-15071

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15071.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-15071

Published

2020-08-11T18:15:13.020Z

Modified

2026-04-10T04:22:48.089866Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields['name'] to appendSubheading.

References

https://github.com/symphonycms/symphonycms/issues/2917

Affected packages

Git / github.com/symphonycms/symphonycms

Affected ranges

Type

GIT

Repo

https://github.com/symphonycms/symphonycms

Events

Introduced

Last affected

ea690f74cbc5b325014e45fb44b7ad5501b7da5e

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.0"
        }
    ]
}

Affected versions

2.*

2.0

2.0.1

2.0.2

2.0.4

2.0.7

2.0.7RC1

2.0.7RC2

2.0.7beta

2.1.2

2.2

2.2.2

2.2.3

2.2.4

2.2.5

2.3

2.3.1

2.3.1RC1

2.3.1RC2

2.3.1RC3

2.3.1beta1

2.3.1beta2

2.3.2

2.3.2RC1

2.3.2RC2

2.3.2beta1

2.3.2beta2

2.3.3

2.3.3RC1

2.3.3RC2

2.3.3RC3

2.3.3beta1

2.3.3beta2

2.3.3beta3

2.3.4

2.3.4RC1

2.3.4beta1

2.3.4beta2

2.3.5

2.3.5RC1

2.3.5beta1

2.3.6

2.3RC2

2.3RC3

2.3RC4

2.3beta1

2.3beta2

2.3beta3

2.4

2.4RC1

2.4RC2

2.4beta1

2.4beta3

2.5.0

2.5.1

2.5.2

2.5.2-beta.1

2.5.2-rc.1

2.6.0

2.6.0-beta.1

2.6.0-beta.2

2.6.0-rc.1

2.6.1

2.6.10

2.6.11

2.6.2

2.6.3

2.6.4

2.6.5

2.6.6

2.6.7

2.6.8

2.6.9

2.7.0

2.7.0.RC1

2.7.1

2.7.10

2.7.2

2.7.3

2.7.4

2.7.5

2.7.6

2.7.7

2.7.8

2.7.9

3.*

3.0.0

Other

rev5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15071.json"