In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS. Six files are affected: crypsis/layouts/message/item/default.php, crypsis/layouts/message/item/top/default.php, crypsis/layouts/message/item/bottom/default.php, crypsisb3/layouts/message/item/default.php, crypsisb3/layouts/message/item/top/default.php, and crypsisb3/layouts/message/item/bottom/default.php. This is fixed in 5.0.5.
References
Link | Resource |
---|---|
http://www.fox.ra.it/technical-articles/kunena-vulnerability-2017-01.html | Exploit Third Party Advisory |
http://www.securityfocus.com/bid/101677 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2017-03-22 10:59
Updated : 2017-11-14 18:29
NVD link : CVE-2017-5673
Mitre link : CVE-2017-5673
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
kunena
- kunena