Medium severity5.4NVD Advisory· Published Nov 15, 2017· Updated Jun 17, 2026
CVE-2017-16821
CVE-2017-16821
Description
b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid.
Affected products
1Patches
Vulnerability mechanics
References
1- github.com/b3log/symphony/issues/503nvdExploitIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.