Symfonia Ready_ Cross-Site Scripting Vulnerability in File Upload Functionality

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the file upload feature of Symfonia Ready_ versions 7.0.0.0 through 7.19.39.23. This vulnerability allows users to inject arbitrary JavaScript into filenames, which is then executed whenever someone interacts with the uploaded file. The injected script is stored on the server, creating a persistent XSS risk.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user interacting with the file.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

5.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

5.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Symfonia Ready_ Cross-Site Scripting Vulnerability in File Upload Functionality

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating