NotCVE - vendor:"Kunena" product:"Kunena" version:"5.0.4"

2 results (0.011 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2019-15120

https://notcve.org/view.php?id=CVE-2019-15120

The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode. La extensión de Kunena versiones anteriores a 5.1.14 para Joomla!, permite un ataque de tipo XSS por medio de BBCode. • https://github.com/h3llraiser/CVE-2019-15120 https://vel.joomla.org/resolved/2260-kunena-5-0-x-5-1-14-xss-cross-site-scripting https://www.kunena.org/blog/207-kunena-5-1-14-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1

CVE-2017-5673

https://notcve.org/view.php?id=CVE-2017-5673

In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS. Six files are affected: crypsis/layouts/message/item/default.php, crypsis/layouts/message/item/top/default.php, crypsis/layouts/message/item/bottom/default.php, crypsisb3/layouts/message/item/default.php, crypsisb3/layouts/message/item/top/default.php, and crypsisb3/layouts/message/item/bottom/default.php. This is fixed in 5.0.5. En la extensión Kunena 5.0.2 en versiones hasta 5.0.4 para Joomla! • http://www.fox.ra.it/technical-articles/kunena-vulnerability-2017-01.html http://www.securityfocus.com/bid/101677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •