Symphony Password Retrieval Script XSS

Medium Nessus Plugin ID 62813


The remote host is running a web application affected by a cross-site scripting vulnerability.


The remote host is running a version of Symphony that is affected by a cross-site scripting vulnerability. The 'email' parameter of the '/symphony/login/retrieve-password/' script is not properly sanitized, and may allow an attacker to execute arbitrary script code in the browser of an unsuspecting user.

This version of Symphony may also be affected by other XSS and SQL injection vulnerabilities although Nessus has not tested for these additional issues.


Upgrade to Symphony 2.3.1 or later.

See Also

Plugin Details

Severity: Medium

ID: 62813

File Name: symphony_cms_retrieve_password_xss.nasl

Version: $Revision: 1.7 $

Type: remote

Published: 2012/11/05

Modified: 2016/05/19

Dependencies: 46818

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:POC/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:symphony-cms:symphony_cms

Required KB Items: www/PHP, www/symphony

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 2012/09/18

Vulnerability Publication Date: 2012/10/17

Reference Information

BID: 56094

OSVDB: 86404

EDB-ID: 22039

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990