Cross-site Scripting Vulnerability in Youtube Gallery Component for Joomla!
CVE-2013-5956

Currently unrated

Key Information:

Vendor: Joomlaboat
Status: Com Youtubegallery
Vendor: CVE Published:; 25 April 2014

What is CVE-2013-5956?

The Youtube Gallery component for Joomla! version 3.4.0 is susceptible to a Cross-site Scripting (XSS) vulnerability found in the includes/flvthumbnail.php file. This flaw allows remote attackers to inject arbitrary web scripts or HTML code via the videofile parameter. If exploited, this vulnerability may enable attackers to execute malicious scripts in the context of the user's session, leading to potential data theft and unauthorized actions within the affected application.

References

http://seclists.org/fulldisclosure/2014/Mar/264

mailing-listx_refsource_FULLDISC

http://packetstormsecurity.com/files/125732/Joomla-Youtub...

x_refsource_MISC

http://seclists.org/fulldisclosure/2014/Mar/288

mailing-listx_refsource_FULLDISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2014
Vulnerability Reserved
Sep 27, 2013

CVE-2013-5956 Data

JSON

Joomlaboat

What is CVE-2013-5956?

References

Timeline