VYPR
Medium severity5.4NVD Advisory· Published Nov 15, 2017· Updated Jun 17, 2026

CVE-2017-16821

CVE-2017-16821

Description

b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.