Mapsplugin: Security Vulnerabilities
The Googlemaps plugin 3.2 and earlier for Joomla! allows remote attackers with control of a sub-domain belonging to a victim domain to cause a denial of service via the 'url' parameter to plugin_googlemap3_kmlprxy.php. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7428.
CVSS Score
5.9
EPSS Score
0.009
Published
2017-09-28
The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to conduct XML injection attacks via the url parameter to plugin_googlemap2_proxy.php.
CVSS Score
9.8
EPSS Score
0.016
Published
2017-09-14
The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to cause a denial of service via the url parameter to plugin_googlemap2_proxy.php.
CVSS Score
7.5
EPSS Score
0.014
Published
2017-09-07
Full path disclosure in the Googlemaps plugin before 3.1 for Joomla!.
CVSS Score
5.3
EPSS Score
0.003
Published
2017-08-29
The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to bypass an intended protection mechanism.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-08-29
Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla!.
CVSS Score
6.1
EPSS Score
0.004
Published
2017-08-29
Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the xmlns parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-08-28