Description
An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java.
Remediation
References
https://github.com/b3log/symphony/issues/860
Related Vulnerabilities
CVE-2022-31129 Vulnerability in maven package org.webjars.bowergithub.moment:moment
CVE-2019-9212 Vulnerability in maven package com.alipay.sofa:hessian
CVE-2018-19837 Vulnerability in maven package org.webjars.npm:node-sass
CVE-2021-32731 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web
CVE-2012-3544 Vulnerability in maven package org.apache.tomcat:coyote