Lucene search
HistoryFeb 01, 2023 - 10:15 p.m.
CVE-2023-23750
joomla
csrf
vulnerability
post-installation messages
nvd
6.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
6.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
25.2%
An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.
Affected configurations
Node
joomlajoomla\!Range4.0.0–4.2.6
| CPE | Name | Operator | Version |
|---|---|---|---|
| joomla:joomla\! | joomla joomla! | le | 4.2.6 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "4.0.0-4.2.6"
}
]
}
]Related
joomla
joomla
[20230101] - Core - CSRF within post-installation messages
2022-12-24 00:00:00
prion
prion
Cross site request forgery (csrf)
2023-02-01 22:15:00
nvd
nvd
CVE-2023-23750
2023-02-01 22:15:09
osv
osv
CVE-2023-23750
2023-02-01 22:15:09
cvelist
cvelist
CVE-2023-23750 [20230101] - Core - CSRF within post-installation messages
2023-02-01 21:12:36
nessus
nessus
Joomla! 4.x < 4.2.7 Multiple Vulnerabilities
2023-02-03 00:00:00
openvas
openvas
Joomla! 4.0.0 <= 4.2.6 Multiple Vulnerabilities
2023-02-02 00:00:00
6.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
6.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
25.2%
Related for CVE-2023-23750