Search for packages
Package details: pkg:composer/symphonycms/symphony-2@2.6.0
purl pkg:composer/symphonycms/symphony-2@2.6.0
Next non-vulnerable version 2.6.4
Latest non-vulnerable version 2.6.4
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-r6sg-f54s-8uhj
Aliases:
CVE-2015-8766
GHSA-4c5w-qqfg-grf3
Symphony CMS XSS Vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in `content/content.systempreferences.php` in Symphony CMS before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) `email_sendmail[from_name]`, (2) `email_sendmail[from_address]`, (3) `email_smtp[from_name]`, (4) `email_smtp[from_address]`, (5) `email_smtp[host]`, (6) `email_smtp[port]`, (7) `jit_image_manipulation[trusted_external_sites]`, or (8) `maintenance_mode[ip_whitelist]` parameters to system/preferences.
2.6.4
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-03T18:17:12.603490+00:00 GitLab Importer Affected by VCID-r6sg-f54s-8uhj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symphonycms/symphony-2/CVE-2015-8766.yml 37.0.0