VYPR
Unrated severityNVD Advisory· Published Sep 17, 2010· Updated Jun 16, 2026

CVE-2010-3457

CVE-2010-3457

Description

Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:a:getsymphony:symphony:2.0.7:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:getsymphony:symphony:2.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:getsymphony:symphony:2.1.1:*:*:*:*:*:*:*
  • Range: 2.0.7, 2.1.1

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.