This website displays data collected from external sources, and is not responsible for any aspect of it. Read more...

Security / vulnerability advisories for B3log Symphony 3.0.0

Titles listed in dictionary

B3log Symphony 3.0.0

CPE for product: cpe:2.3:a:b3log:symphony:3.0.0:*:*:*:*:*:*:*

Showing 1-3 of 3

CVE-2019-17488	Medium-low damage	6.1
	Easy to exploit

(other affected products)

Published: Thu Oct 10 21:15:00 2019 UTC. Last Modified: Tue Oct 15 14:02:00 2019 UTC

CPE matches: cpe:2.3:a:b3log:symphony:*:*:*:*:*:*:*:* && versionEndExcluding=3.6.0

Description

b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header.

Damage

Limited modification of data and/or system files.
Limited access to information.

Attack conditions

Remote attacking is possible through the network and can be done by anyone (requires no authentication).
Human user action interaction is required for the attack.
The attack is estimated to have a high success rate, once attempted.

Damage and attack conditions obtained from CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (CVSSv3)

Type of bug(s)

CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'): The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

https://github.com/b3log/symphony/issues/970

CVE-2019-9142	Medium-low damage	6.1
	Easy to exploit

(other affected products)

Published: Mon Feb 25 15:29:00 2019 UTC. Last Modified: Mon Feb 25 19:15:00 2019 UTC

CPE matches: cpe:2.3:a:b3log:symphony:*:*:*:*:*:*:*:* && versionEndExcluding=3.4.7

Description

An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java.

Damage

Limited modification of data and/or system files.
Limited access to information.

Attack conditions

Remote attacking is possible through the network and can be done by anyone (requires no authentication).
Human user action interaction is required for the attack.
The attack is estimated to have a high success rate, once attempted.

Damage and attack conditions obtained from CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (CVSSv3)

Type of bug(s)

CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'): The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

https://github.com/b3log/symphony/issues/860

CVE-2018-16249	Medium-low damage	4.8
	Difficult to exploit

(other affected products)

Published: Thu Jun 20 14:15:00 2019 UTC. Last Modified: Fri Jun 21 18:55:00 2019 UTC

CPE matches: cpe:2.3:a:b3log:symphony:*:*:*:*:*:*:*:* && versionEndExcluding=3.3.0

Description

In Symphony before 3.3.0, there is XSS in the Title under Post. The ID "articleTitle" of this is stored in the "articleTitle" JSON field, and executes a payload when accessing the /member/test/points URI, allowing remote attacks. Any Web script or HTML can be inserted by an admin-authenticated user via a crafted web site name.

Damage

Limited modification of data and/or system files.
Limited access to information.

Attack conditions

Remote attacking is possible through the network but requires the attacker to have administrative privileges.
Human user action interaction is required for the attack.
The attack is estimated to have a high success rate, once attempted.

Damage and attack conditions obtained from CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N (CVSSv3)

Type of bug(s)

CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'): The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

https://github.com/b3log/symphony/issues/729