CVE-2011-4340

Name of the Vulnerable Software and Affected Versions Symphony CMS versions prior to 2.2.4

Description The issue allows remote authenticated users with Author privileges to inject arbitrary web script or HTML. This can be achieved via the profile parameter to extensions/profiledevkit/content/content.profile.php, as demonstrated by requests to the default URI, about/, or drafts/. Additionally, it can be done via the filter parameter in symphony/lib/core/class.symphony.php, as demonstrated by requests to symphony/publish/comments or symphony/publish/images.

Recommendations For Symphony CMS versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the profile parameter in extensions/profiledevkit/content/content.profile.php and the filter parameter in symphony/lib/core/class.symphony.php to minimize the risk of exploitation. Avoid using the profile and filter parameters in the affected API endpoints until the issue is resolved.