Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 22/03/2017 Updated: 15/11/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

In the Kunena extension 5.0.2 up to and including 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS. Six files are affected: crypsis/layouts/message/item/default.php, crypsis/layouts/message/item/top/default.php, crypsis/layouts/message/item/bottom/default.php, crypsisb3/layouts/message/item/default.php, crypsisb3/layouts/message/item/top/default.php, and crypsisb3/layouts/message/item/bottom/default.php. This is fixed in 5.0.5.

Vulnerable Product	Search on Vulmon	Subscribe to Product
kunena kunena 5.0.4
kunena kunena 5.0.3
kunena kunena 5.0.2

CWE-79 http://www.fox.ra.it/technical-articles/kunena-vulnerability-2017-01.html http://www.securityfocus.com/bid/101677 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-5673

Vulnerability Summary

References

Vulmon Search

About

Products

Connect