Search for packages
| purl | pkg:composer/symphonycms/symphony-2@2.6.0-rc.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-k8ze-h7fe-fkg2
Aliases: CVE-2015-8766 GHSA-4c5w-qqfg-grf3 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Multiple cross-site scripting (XSS) vulnerabilities in content/content.systempreferences.php in Symphony CMS before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) email_sendmail[from_name], (2) email_sendmail[from_address], (3) email_smtp[from_name], (4) email_smtp[from_address], (5) email_smtp[host], (6) email_smtp[port], (7) jit_image_manipulation[trusted_external_sites], or (8) maintenance_mode[ip_allow list] parameters to system/preferences. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T21:50:05.488630+00:00 | GitLab Importer | Affected by | VCID-k8ze-h7fe-fkg2 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symphonycms/symphony-2/CVE-2015-8766.yml | 38.4.0 |
| 2026-04-11T23:06:08.095506+00:00 | GitLab Importer | Affected by | VCID-k8ze-h7fe-fkg2 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symphonycms/symphony-2/CVE-2015-8766.yml | 38.3.0 |
| 2026-04-02T23:14:24.970522+00:00 | GitLab Importer | Affected by | VCID-k8ze-h7fe-fkg2 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symphonycms/symphony-2/CVE-2015-8766.yml | 38.1.0 |
| 2026-04-01T17:34:23.078884+00:00 | GitLab Importer | Affected by | VCID-k8ze-h7fe-fkg2 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symphonycms/symphony-2/CVE-2015-8766.yml | 38.0.0 |