GHSA-4c5w-qqfg-grf3
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4c5w-qqfg-grf3
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4c5w-qqfg-grf3/GHSA-4c5w-qqfg-grf3.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4c5w-qqfg-grf3
- Aliases
-
- CVE-2015-8766
- Published
- 2022-05-13T01:13:58Z
- Modified
- 2024-02-17T05:33:50.150452Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Symphony CMS XSS Vulnerabilities
- Details
-
Multiple cross-site scripting (XSS) vulnerabilities in
content/content.systempreferences.phpin Symphony CMS before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1)email_sendmail[from_name], (2)email_sendmail[from_address], (3)email_smtp[from_name], (4)email_smtp[from_address], (5)email_smtp[host], (6)email_smtp[port], (7)jit_image_manipulation[trusted_external_sites], or (8)maintenance_mode[ip_whitelist]parameters to system/preferences. - Database specific
{ "nvd_published_at": "2016-01-08T21:59:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-08-01T20:00:06Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-8766
- https://github.com/symphonycms/symphony-2/commit/651e150091c61fb60ad1dff2bc2166185a83d9d6
- https://github.com/symphonycms/symphony-2
- https://web.archive.org/web/20210321090853/https://cybersecurityworks.com/zerodays/cve-2015-8766-getsymphoney.html
- http://seclists.org/fulldisclosure/2015/Dec/60
- http://www.getsymphony.com/download/releases/version/2.6.4
Affected packages
Packagist / symphonycms/symphony-2
Package
- Name
- symphonycms/symphony-2
- Purl
- pkg:composer/symphonycms/symphony-2