Cross-Site Scripting Vulnerability in Harmis JE Messenger for Joomla!
CVE-2019-9919

5.4MEDIUM

Key Information:

Vendor

Harmistechnology

Status
Je Messenger
Vendor
CVE Published:
29 March 2019

What is CVE-2019-9919?

A security flaw has been identified in the Harmis JE Messenger component for Joomla!, which allows attackers to exploit crafted messages. When a user opens one of these messages, it can lead to the execution of JavaScript in their browser, posing significant security risks. This vulnerability can be abused to carry out malicious actions on behalf of the user, potentially allowing attackers to steal sensitive information or hijack sessions.

References

https://extensions.joomla.org/extension/je-messenger/
x_refsource_MISC
https://github.com/azd-cert/CVE/blob/master/CVEs/CVE-2019...
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

CVSS V3.0

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.