CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-11020
https://notcve.org/view.php?id=CVE-2016-11020
Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution. Kunena anterior a la versión 5.0.4 no restringe las extensiones de archivos de avatar a gif, jpeg, jpg y png. Esto puede conducir a XSS y a la ejecución remota de código. • https://github.com/Kunena/Kunena-Forum/pull/5028 https://www.kunena.org/blog/179-kunena-5-0-4-released https://www.kunena.org/bugs/changelog • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15120
https://notcve.org/view.php?id=CVE-2019-15120
The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode. La extensión de Kunena versiones anteriores a 5.1.14 para Joomla!, permite un ataque de tipo XSS por medio de BBCode. • https://github.com/h3llraiser/CVE-2019-15120 https://vel.joomla.org/resolved/2260-kunena-5-0-x-5-1-14-xss-cross-site-scripting https://www.kunena.org/blog/207-kunena-5-1-14-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2017-5673
https://notcve.org/view.php?id=CVE-2017-5673
In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS. Six files are affected: crypsis/layouts/message/item/default.php, crypsis/layouts/message/item/top/default.php, crypsis/layouts/message/item/bottom/default.php, crypsisb3/layouts/message/item/default.php, crypsisb3/layouts/message/item/top/default.php, and crypsisb3/layouts/message/item/bottom/default.php. This is fixed in 5.0.5. En la extensión Kunena 5.0.2 en versiones hasta 5.0.4 para Joomla! • http://www.fox.ra.it/technical-articles/kunena-vulnerability-2017-01.html http://www.securityfocus.com/bid/101677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •