CVE-2011-4340
Description
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author privileges to inject arbitrary web script or HTML via (1) the profile parameter to extensions/profiledevkit/content/content.profile.php, as demonstrated via requests to (a) the default URI, (b) about/, or (c) drafts/; or (2) the filter parameter in symphony/lib/core/class.symphony.php, as demonstrated via requests to (d) symphony/publish/comments or (e) symphony/publish/images. NOTE: some of these details are obtained from third party information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
symphonycms/symphony-2Packagist | < 2.2.4 | 2.2.4 |
Affected products
2- cpe:2.3:a:symphony-cms:symphony_cms:2.2.3:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
13- symphony-cms.com/download/releases/version/2.2.4/nvdPatch
- secunia.com/advisories/46663nvdVendor Advisory
- github.com/advisories/GHSA-wvq5-72qp-grjwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2011-4340ghsaADVISORY
- packetstormsecurity.org/files/view/106493/symphonycms-sqlxss.txtnvdWEB
- seclists.org/bugtraq/2011/Nov/8nvdWEB
- symphony-cms.com/download/releases/version/2.2.4ghsaWEB
- www.openwall.com/lists/oss-security/2011/11/22/9nvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/71106nvdWEB
- web.archive.org/web/20120614074927/http://www.mavitunasecurity.com/xss-and-sql-injection-vulnerabilities-in-symphony-cmsghsaWEB
- www.mavitunasecurity.com/xss-and-sql-injection-vulnerabilities-in-symphony-cms/nvd
- www.osvdb.org/76882nvd
- www.osvdb.org/76883nvd
News mentions
0No linked articles in our index yet.