Cross-Site Scripting Vulnerability in VirtueMart by Joomla!
CVE-2015-3619

5.4MEDIUM

Key Information:

Vendor

Virtuemart

Status
Virtuemart
Vendor
CVE Published:
6 February 2018

What is CVE-2015-3619?

The VirtueMart component for Joomla! prior to version 3.0.8 is vulnerable to a cross-site scripting (XSS) attack due to a flaw in the assets/js/vm2admin.js file. This vulnerability allows remote attackers to manipulate input fields, specifically by exploiting a double encoding issue with the parameters 'first_name', 'last_name', and 'company'. Successful exploitation can lead to the injection of arbitrary web scripts or HTML code, potentially compromising user data and site integrity.

References

http://dev.virtuemart.net/projects/virtuemart/repository/...
x_refsource_CONFIRM
https://virtuemart.net/news/470-release-vm3-0-8-2-secured...
x_refsource_CONFIRM
https://fortiguard.com/zeroday/FG-VD-15-027
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.