CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-5673

In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS. Six files are affected: crypsis/layouts/message/item/default.php, crypsis/layouts/message/item/top/default.php, crypsis/layouts/message/item/bottom/default.php, crypsisb3/layouts/message/item/default.php, crypsisb3/layouts/message/item/top/default.php, and crypsisb3/layouts/message/item/bottom/default.php. This is fixed in 5.0.5.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.4%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

http://www.fox.ra.it/technical-articles/kunena-vulnerability-2017-01.html
http://www.securityfocus.com/bid/101677
http://www.fox.ra.it/technical-articles/kunena-vulnerability-2017-01.html
http://www.securityfocus.com/bid/101677

Products affected by CVE-2017-5673

Kunena » Kunena » Version: 5.0.2

cpe:2.3:a:kunena:kunena:5.0.2
Kunena » Kunena » Version: 5.0.3

cpe:2.3:a:kunena:kunena:5.0.3
Kunena » Kunena » Version: 5.0.4

cpe:2.3:a:kunena:kunena:5.0.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-5673

Products

Pricing

Contact Us