Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_98481
HistoryNov 05, 2018 - 12:00 a.m.

Joomla! 3.3.x < 3.8.4 Multiple Vulnerabilities

2018-11-0500:00:00
This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.035 Low

EPSS

Percentile

91.5%

JSON

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities :

  • The XSS vulnerability in module chromes as noted in the 20180101 announcement affects 3.0.0 through 3.8.3. (CVE-2018-6380)

  • The XSS vulnerability in com_fields as noted in the 20180102 announcement affects 3.7.0 through 3.8.3. (CVE-2018-6377)

  • The XSS vulnerability in Uri class as noted in the 20180103 announcement affects 1.5.0 through 3.8.3. (CVE-2018-6379)

  • The SQLi vulnerability in Hathor postinstall message as noted in the 20180103 announcement affects 1.5.0 through 3.8.3. (CVE-2018-6379)

Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.

No source data
VendorProductVersionCPE
joomlajoomla\!*cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

Related

nessus 13
cve 3
prion 3
osv 3
joomla 3
cvelist 3
openvas 3
nvd 3
checkpoint_advisories 1
nessus
nessus
Joomla! 3.0.x < 3.8.4 Multiple Vulnerabilities
2018-11-05 00:00:00
Joomla! 3.4.x < 3.8.4 Multiple Vulnerabilities
2018-11-05 00:00:00
Joomla! 3.6.x < 3.8.4 Multiple Vulnerabilities
2018-11-05 00:00:00
cve
cve
CVE-2018-6379
2018-01-30 17:29:00
CVE-2018-6377
2018-01-30 17:29:00
CVE-2018-6380
2018-01-30 17:29:00
prion
prion
Design/Logic Flaw
2018-01-30 17:29:00
Design/Logic Flaw
2018-01-30 17:29:00
Design/Logic Flaw
2018-01-30 17:29:00
osv
osv
CVE-2018-6379
2018-01-30 17:29:00
CVE-2018-6380
2018-01-30 17:29:00
CVE-2018-6377
2018-01-30 17:29:00
joomla
joomla
[20180103] - Core - XSS vulnerability in Uri class
2017-11-17 00:00:00
[20180101] - Core - XSS vulnerability in module chromes
2018-01-21 00:00:00
[20180102] - Core - XSS vulnerability in com_fields
2018-01-20 00:00:00
cvelist
cvelist
CVE-2018-6379
2018-01-30 17:00:00
CVE-2018-6380
2018-01-30 17:00:00
CVE-2018-6377
2018-01-30 17:00:00
openvas
openvas
Joomla 'Uri' class XSS Vulnerability
2018-01-31 00:00:00
Joomla 'Chromes' module XSS Vulnerability
2018-01-31 00:00:00
Joomla 3.7.0 <= 3.8.3 Multiple Vulnerabilities
2018-01-31 00:00:00
nvd
nvd
CVE-2018-6379
2018-01-30 17:29:00
CVE-2018-6380
2018-01-30 17:29:00
CVE-2018-6377
2018-01-30 17:29:00
checkpoint_advisories
checkpoint_advisories
Joomla! CMS Cross-Site Scripting (CVE-2018-6377)
2022-11-09 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.035 Low

EPSS

Percentile

91.5%

JSON
Related for WEB_APPLICATION_SCANNING_98481
nessus13cve3prion3osv3joomla3cvelist3openvas3nvd3checkpoint_advisories1