CVE-2024-41613

MEDIUM

Symphony CMS 2.7.10 - Stored Cross-Site Scripting via Note Editing

Title source: llm
STIX 2.1

Description

A Cross Site Scripting (XSS) vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note.

Scores

CVSS v3 5.4
EPSS 0.0040
EPSS Percentile 32.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
symphony-cms/symphony_cms 2.7.10
Published Aug 13, 2024
Tracked Since Feb 18, 2026