CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile: 75.7%
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities:
A security bypass vulnerability exists in the installer application due to a failure to properly check for ownership of a webspace. An unauthenticated, remote attacker can exploit this to gain control of another user’s webspace. Note that this vulnerability affects versions 1.0.0 through 3.7.3. (CVE-2017-11364)
A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user’s browser session. Note that this vulnerability affects versions 1.5.0 through 3.7.3. (CVE-2017-11612)
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11364
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11612
developer.joomla.org/security-centre/700-20170704-core-installer-lack-of-ownership-verification
developer.joomla.org/security-centre/701-20170704-core-installer-lack-of-ownership-verification
www.joomla.org/announcements/release-news/5710-joomla-3-7-4-release.html