XSS in Symphony-cms Symphony_cms
CVE-2011-4341
Multiple SQL injection vulnerabilities in symphony/content/content.publish.php in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author permissions to execute arbitrary SQL commands via th…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.029 (85.1th percentile) — read the EPSS interpretation.
Affected products
- Symphony-cms Symphony_cms — versions 2.2.3
- N/a — versions n/a
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_MISC)
- secalert@redhat.com (mailing-list, x_refsource_BUGTRAQ)
- secalert@redhat.com (vdb-entry, x_refsource_XF)
- secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_OSVDB, vdb-entry)
- secalert@redhat.com (mailing-list, x_refsource_MLIST, Patch)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_MISC)