[20210401] - Core - Escape xss in logo parameter error pages

CVE-2021-26030
6.1MEDIUM

Key Information

Vendor
Joomla
Status
Joomla! Cms
Vendor
CVE Published:
14 April 2021

Summary

An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error page

Affected Version(s)

Joomla! CMS = 3.0.0-3.9.25

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database
.