CVE-2020-15071

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-15071

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15071.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-15071

Published

2020-08-11T18:15:13.020Z

Modified

2025-11-14T10:49:18.469158Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields['name'] to appendSubheading.

References

https://github.com/symphonycms/symphonycms/issues/2917

Affected packages

Git / github.com/symphonycms/symphonycms

Affected ranges

Type: GIT
Repo: https://github.com/symphonycms/symphonycms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

ea690f74cbc5b325014e45fb44b7ad5501b7da5e

Affected versions

2.*

2.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.7RC1

2.0.7RC2

2.0.7beta

2.1.0

2.1.1

2.1.2

2.2

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.5RC1

2.3

2.3.1

2.3.1RC1

2.3.1RC2

2.3.1RC3

2.3.1beta1

2.3.1beta2

2.3.2

2.3.2RC1

2.3.2RC2

2.3.2beta1

2.3.2beta2

2.3.3

2.3.3RC1

2.3.3RC2

2.3.3RC3

2.3.3beta1

2.3.3beta2

2.3.3beta3

2.3.4

2.3.4RC1

2.3.4beta1

2.3.4beta2

2.3.5

2.3.5RC1

2.3.5beta1

2.3.6

2.3RC2

2.3RC3

2.3RC4

2.3beta1

2.3beta2

2.3beta3

2.4

2.4RC1

2.4RC2

2.4beta1

2.4beta2

2.4beta3

2.5.0

2.5.0-rc.2

2.5.0RC1

2.5.0beta2

2.5.1

2.5.2

2.5.2-beta.1

2.5.2-rc.1

2.5.3

2.5.3-rc.1

2.6.0

2.6.0-beta.1

2.6.0-beta.2

2.6.0-rc.1

2.6.1

2.6.10

2.6.11

2.6.2

2.6.3

2.6.4

2.6.5

2.6.6

2.6.7

2.6.8

2.6.9

2.7.0

2.7.0.RC1

2.7.1

2.7.10

2.7.2

2.7.3

2.7.4

2.7.5

2.7.6

2.7.7

2.7.8

2.7.9

3.*

3.0.0

Other

rev5