Description
An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java.
Remediation
References
https://github.com/b3log/symphony/issues/860
Related Vulnerabilities
CVE-2019-16530 Vulnerability in maven package org.sonatype.nexus:nexus-core
CVE-2020-15174 Vulnerability in maven package org.webjars.npm:electron
CVE-2017-18924 Vulnerability in npm package oauth2-server
CVE-2022-41642 Vulnerability in npm package nadesiko3
CVE-2017-13098 Vulnerability in maven package com.madgag.spongycastle:bctls-jdk15on