{"id":"CVE-2020-15071","details":"content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields['name'] to appendSubheading.","modified":"2026-04-10T04:22:48.089866Z","published":"2020-08-11T18:15:13.020Z","references":[{"type":"EVIDENCE","url":"https://github.com/symphonycms/symphonycms/issues/2917"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/symphonycms/symphonycms","events":[{"introduced":"0"},{"last_affected":"ea690f74cbc5b325014e45fb44b7ad5501b7da5e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.0.0"}]}}],"versions":["2.0","2.0.1","2.0.2","2.0.4","2.0.7","2.0.7RC1","2.0.7RC2","2.0.7beta","2.1.2","2.2","2.2.2","2.2.3","2.2.4","2.2.5","2.3","2.3.1","2.3.1RC1","2.3.1RC2","2.3.1RC3","2.3.1beta1","2.3.1beta2","2.3.2","2.3.2RC1","2.3.2RC2","2.3.2beta1","2.3.2beta2","2.3.3","2.3.3RC1","2.3.3RC2","2.3.3RC3","2.3.3beta1","2.3.3beta2","2.3.3beta3","2.3.4","2.3.4RC1","2.3.4beta1","2.3.4beta2","2.3.5","2.3.5RC1","2.3.5beta1","2.3.6","2.3RC2","2.3RC3","2.3RC4","2.3beta1","2.3beta2","2.3beta3","2.4","2.4RC1","2.4RC2","2.4beta1","2.4beta3","2.5.0","2.5.1","2.5.2","2.5.2-beta.1","2.5.2-rc.1","2.6.0","2.6.0-beta.1","2.6.0-beta.2","2.6.0-rc.1","2.6.1","2.6.10","2.6.11","2.6.2","2.6.3","2.6.4","2.6.5","2.6.6","2.6.7","2.6.8","2.6.9","2.7.0","2.7.0.RC1","2.7.1","2.7.10","2.7.2","2.7.3","2.7.4","2.7.5","2.7.6","2.7.7","2.7.8","2.7.9","3.0.0","rev5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15071.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}