CVE-2017-6067 (symphony_cms)
Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field.
Read MoreAuthor: Fortify Security Team
CVE-2017-6003 (dotcms)
dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields.
Read MoreCVE-2017-6066 (subrion_cms)
Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can perform any Edit Language action, and can optionally insert XSS via the title parameter.
Read MoreCVE-2017-6013 (subrion_cms)
Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter.
Read MoreCVE-2017-6006 (symphony_cms)
Symphony 2.6.11 has XSS in publish/articles/new/ via the Body field.
Read More