B3log Symphony

By the Year

In 2026 there have been 0 vulnerabilities in B3log Symphony. Symphony did not have any published security vulnerabilities last year.

Year   Vulnerabilities   Average Score
2026   0                 0.00
2025   0                 0.00
2024   1                 9.80
2023   0                 0.00
2022   0                 0.00
2021   0                 0.00
2020   0                 0.00
2019   3                 4.80
2018   1                 0.00

It may take a day or so for new Symphony vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent B3log Symphony Security Vulnerabilities

Arbitrary Code Exec via log4j in Symphony <=3.6.3
CVE-2024-23049 9.8 - Critical - February 05, 2024

An issue in Symphony v3.6.3 and earlier allows a remote attacker to execute arbitrary code via the log4j component.

Command Injection

b3log Symphony (aka Sym) before 3.6.0 has XSS
CVE-2019-17488 - October 10, 2019

b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header.

In Symphony before 3.3.0, there is XSS in the Title under Post
CVE-2018-16249 4.8 - Medium - June 20, 2019

In Symphony before 3.3.0, there is XSS in the Title under Post. The value of the "articleTitle" element is stored in the "articleTitle" JSON field, and the payload executes when the /member/test/points URI is accessed, allowing remote attacks. Any web script or HTML can be inserted by an admin-authenticated user via a crafted web site name.

XSS

An issue was discovered in b3log Symphony (aka Sym) before v3.4.7
CVE-2019-9142 - February 25, 2019

An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java.

b3log Symphony (aka Sym) 2.6.0
CVE-2018-10469 - April 27, 2018

b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI.

b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header
CVE-2017-16821 5.4 - Medium - November 15, 2017

b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid.

XSS
