content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields['name'] to appendSubheading.
Published August 11, 2020.
Getsymphony Symphony CMS
