cpe:/a:symphony_project:symphony:2.2.0 CVE-2017-16956 2017-11-27T05:29:00.393-05:00 2017-12-07T11:11:11.153-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2017-12-06T10:33:18.187-05:00 CONFIRM https://github.com/b3log/symphony/issues/509 b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title.