Lucene search
JoomlaCVE-2024-26279HistoryJul 09, 2024 - 5:15 p.m.
CVE-2024-26279
2024-07-0917:15:15
CWE-79
Joomla
web.nvd.nist.gov
29
content filtering
xss vulnerabilities
various components
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
5.7
Confidence
High
EPSS
0.001
Percentile
26.1%
The wrapper extensions do not correctly validate inputs, leading to XSS vectors.
Affected configurations
Node
joomlajoomla\!Range3.0.0–3.10.16
ORjoomlajoomla\!Range4.0.0–4.4.6
ORjoomlajoomla\!Range5.0.0–5.1.2
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "3.7.0-3.10.15"
},
{
"status": "affected",
"version": "4.0.0-4.4.5"
},
{
"status": "affected",
"version": "5.0.0-5.1.1"
}
]
}
]Related
cvelist
cvelist
CVE-2024-26279 [20240704] - Core - XSS in Wrapper extensions
2024-07-09 16:15:48
vulnrichment
vulnrichment
CVE-2024-26279 [20240704] - Core - XSS in Wrapper extensions
2024-07-09 16:15:48
nvd
nvd
CVE-2024-26279
2024-07-09 17:15:15
openvas
openvas
Joomla! XSS Vulnerability (20240705)
2024-07-10 00:00:00
joomla
joomla
[20240704] - Core - XSS in Wrapper extensions
2024-06-08 00:00:00
osv
osv
CVE-2024-26279
2024-07-09 17:15:15
nessus
nessus
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
5.7
Confidence
High
EPSS
0.001
Percentile
26.1%
Related for CVE-2024-26279