CVE-2015-8376

MEDIUM

Symphony CMS 2.6.3 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Navigation Group, or (3) Label parameter to blueprints/sections/edit/1.

References (2)

[Exploit] http://seclists.org/fulldisclosure/2015/Dec/101

[Exploit] http://seclists.org/fulldisclosure/2015/Dec/7

Scores

CVSS v3 6.1

EPSS 0.0023

EPSS Percentile 45.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status draft

Affected Products (1)

getsymphony/symphony

Timeline

Published Jan 08, 2016

Tracked Since Feb 18, 2026