CVE-2017-6006by Jeremyin Security Bulletinson Posted on March 28, 2017 Symphony 2.6.11 has XSS in publish/articles/new/ via the Body field.