Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) img or (2) url tag of a new comment.
References
Link | Resource |
---|---|
https://www.davidsopas.com/komento-joomla-component-persistent-xss/ | Exploit Third Party Advisory |
https://stackideas.com/changelog/komento?version=2.0.5 | Release Notes Vendor Advisory |
http://seclists.org/fulldisclosure/2015/Oct/11 | Mailing List Third Party Advisory VDB Entry |
Configurations
Information
Published : 2017-12-27 11:29
Updated : 2018-01-11 10:21
NVD link : CVE-2015-7324
Mitre link : CVE-2015-7324
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
stackideas
- komento