3 results (0.018 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) img or (2) url tag of a new comment. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) en helpers/comment.php en el componente StackIdeas Komento (com_komento) en versiones anteriores a la 2.0.5 para Joomla! permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante las etiquetas (1) img o (2) url de un nuevo comentario. Joomla Komento versions prior to 2.0.5 suffer from a persistent cross site scripting vulnerability. • http://seclists.org/fulldisclosure/2015/Oct/11 https://stackideas.com/changelog/komento?version=2.0.5 https://www.davidsopas.com/komento-joomla-component-persistent-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in the StackIdeas Komento (com_komento) component before 1.7.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors related to "checking new comments." Vulnerabilidad de XSS en el componente StackIdeas Komento (com_komento) anterior a la versión 1.7.4 para Joomla! permite a atacantes remotos inyectar script Web o HTML arbitrario a través de vectores relacionados con "la comprobación de nuevos comentarios." • http://osvdb.org/102563 http://secunia.com/advisories/56577 http://stackideas.com/downloads/changelog/komento http://www.securityfocus.com/bid/65173 https://exchange.xforce.ibmcloud.com/vulnerabilities/90974 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 3

Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to the default URI. Múltiples vulnerabilidades de XSS en el componente StackIdeas Komento (com_komento) anterior a la versión 1.7.3 para Joomla! permite a atacantes remotos inyectar script Web o HTML arbitrario a través del parámetro (1) website o (2) latitude en un comentario hacia la URI por defecto. Joomla Komento extension version 1.7.2 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/31174 http://stackideas.com/downloads/changelog/komento http://www.exploit-db.com/exploits/31174 http://www.securityfocus.com/archive/1/530873/100/0/threaded http://www.securityfocus.com/bid/64659 https://www.htbridge.com/advisory/HTB23194 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •