CVE-2017-16881

Published: 2017-11-18T13:29Z
Last Modified: 2024-11-21T03:17Z
Source: MITRE CVE List
License: MITRE-CVE-TOS

b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java, service/AvatarQueryService.java, and service/CommentQueryService.java.

MITRE Terms of Use apply – see LICENSE‑MITRE.txt