CVE-2015-4661

Name of the Vulnerable Software and Affected Versions Symphony CMS version 2.6.2

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the sort parameter to the "system/authors" endpoint. This could potentially lead to unauthorized actions on behalf of other users.

Recommendations For Symphony CMS version 2.6.2, consider restricting access to the sort parameter in the "system/authors" endpoint until a patch is available. As a temporary workaround, avoid using the sort parameter in this endpoint to minimize the risk of exploitation.