Cross-Site Scripting Vulnerability in Balbooa Gridbox for Joomla!
CVE-2018-11690

6.1 MEDIUM

Key Information:

Vendor: Balbooa

Status
Vendor
CVE Published: 14 June 2018

What is CVE-2018-11690?

The Balbooa Gridbox extension for Joomla!, versions 2.4.0 and earlier, is prone to a cross-site scripting vulnerability caused by inadequate input validation. A remote attacker can craft a URL that, when a victim opens it, executes script in the victim's web browser within the security context of the vulnerable site. Successful exploitation can let the attacker hijack user sessions and steal cookie-based authentication tokens.

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
