Lucene search
JoomlaCVE-2024-26278HistoryJul 09, 2024 - 5:15 p.m.
CVE-2024-26278
2024-07-0917:15:14
CWE-79
Joomla
web.nvd.nist.gov
32
custom fields
input filtering
vulnerability
xss vector
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
5.8
Confidence
High
EPSS
0.001
Percentile
26.1%
The Custom Fields component not correctly filter inputs, leading to a XSS vector.
Affected configurations
Node
joomlajoomla\!Range3.7.0–3.10.16
ORjoomlajoomla\!Range4.0.0–4.4.6
ORjoomlajoomla\!Range5.0.0–5.1.2
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "3.7.0-3.10.15"
},
{
"status": "affected",
"version": "4.0.0-4.4.5"
},
{
"status": "affected",
"version": "5.0.0-5.1.1"
}
]
}
]Related
osv
osv
CVE-2024-26278
2024-07-09 17:15:14
joomla
joomla
[20240705] - Core - XSS in com_fields default field value
2024-06-09 00:00:00
cvelist
cvelist
CVE-2024-26278 [20240705] - Core - XSS in com_fields default field value
2024-07-09 16:15:44
nvd
nvd
CVE-2024-26278
2024-07-09 17:15:14
vulnrichment
vulnrichment
CVE-2024-26278 [20240705] - Core - XSS in com_fields default field value
2024-07-09 16:15:44
openvas
openvas
Joomla! Multiple XSS Vulnerabilities (20240703, 20240704)
2024-07-10 00:00:00
nessus
nessus
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
5.8
Confidence
High
EPSS
0.001
Percentile
26.1%
Related for CVE-2024-26278