EPSS
Percentile
37.3%
b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header.
github.com/b3log/symphony/issues/970