Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to the default URI.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| stackideas | komento | 1.7.1 |
| stackideas | komento | 1.7.0 |
| stackideas | komento | * |
Cross-site scripting (XSS) vulnerability in the StackIdeas Komento (com_komento) component before 1.7.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors related to "checking new comments."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| stackideas | komento | 1.7.1 |
| stackideas | komento | 1.7.0 |
| stackideas | komento | 1.7.2 |
| stackideas | komento | * |
Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) img or (2) url tag of a new comment.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| stackideas | komento | * |
The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0.21 for Joomla! allows XSS.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| stackideas | easydiscuss | * |
SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed in v.5.0.10 allows a remote attacker to obtain sensitive information via a crafted request to the search parameter in the Users module.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| stackideas | easydiscuss | * |
Lack of input filterung leads to a persistent XSS vulnerability in the forum post handling of the Easy Discuss component for Joomla.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| stackideas | easydiscuss | * |
Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| stackideas | easydiscuss | * |
User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by file extensions, no mime type checks are happening.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| stackideas | easydiscuss | * |
Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure
Products Affected
| Vendor | Product | Version |
|---|---|---|
| stackideas | easydiscuss | * |