cvelist / Mitre / CVELIST:CVE-2017-16881
History: Nov 18, 2017 - 1:00 p.m.

CVE-2017-16881

2017-11-18 13:00:00
mitre
www.cve.org
Tags: b3log symphony, 2.2.0, xss, json, useravatarurl, adminprocessor, articleprocessor, userprocessor, articlequeryservice, avatarqueryservice, commentqueryservice, cve-2017-16881

EPSS: 0.001

Percentile: 38.5%

b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java, service/AvatarQueryService.java, and service/CommentQueryService.java.
