CVE-2015-7324

Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) img or (2) url tag of a new comment.
References
Link Resource
https://www.davidsopas.com/komento-joomla-component-persistent-xss/ Exploit Third Party Advisory
https://stackideas.com/changelog/komento?version=2.0.5 Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2015/Oct/11 Mailing List Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:stackideas:komento:*:*:*:*:*:joomla\!:*:*

Information

Published : 2017-12-27 11:29

Updated : 2018-01-11 10:21


NVD link : CVE-2015-7324

Mitre link : CVE-2015-7324


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

stackideas

  • komento