Joomla! Component Easydiscuss < 4.0.21 - Cross-Site Scripting

Exploit Title: Joomla Plugin Easydiscuss inside the body, everything after the will be executed in the user’s browser. Works with every version up to 4.0.20 2. Proof of Concept Login with permissions to post a message, insert in the body and add any html code after that, whenever a user tries to...

CVE-2018-5263

The StackIdeas EasyDiscuss aka comeasydiscuss extension before 4.0.21 for Joomla! allows XSS...

Cross site scripting

The StackIdeas EasyDiscuss aka comeasydiscuss extension before 4.0.21 for Joomla! allows XSS...

CVE-2018-5263

The StackIdeas EasyDiscuss aka comeasydiscuss extension before 4.0.21 for Joomla! allows XSS...

CVE-2018-5263

CVE-2018-5263 concerns the StackIdeas EasyDiscuss Joomla! extension (com_easydiscuss) prior to 4.0.21. The vulnerability is a cross-site scripting (XSS) flaw triggered when editing a message: injecting a payload can cause script execution in a user’s browser after the textarea closes. Affected v...

Easy Discuss, 4.0.20, XSS

Easy Discuss by Stackideas, versions 4.0.20 and previous, XSS Resolution: update to 4.0.21 update notice: https://stackideas.com/blog/easydiscuss4021-update...

CVE-2015-7324

CVE-2015-7324 concerns the StackIdeas Komento (com_komento) Joomla! component, prior to version 2.0.5. The vulnerability arises in helpers/comment.php where remote attackers can inject arbitrary HTML/script via the (1) img or (2) url tag when posting a new comment, constituting a cross-site scrip...

Komento, 2.0.4 and previous, XSS (Cross Site Scripting)

Stackideas Komento, prior to 2.0.5, XSS Cross Site Scripting Resolved in version 2.0.5 Update notice: http://stackideas.com/changelog/komento?version=2.0.5...

Joomla Sectionex Component 2.5.96 - SQL Injection Vulnerability

No description provided by source. ------------------------------------------------------------------------------------- Joomla comsectionex v2.5.96 SQL Injection vulnerabilities ------------------------------------------------------------------------------------- == Description == - Software lin...

CVE-2014-1837

Cross-site scripting XSS vulnerability in the StackIdeas Komento comkomento component before 1.7.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors related to "checking new comments."...

Cross site scripting

Cross-site scripting XSS vulnerability in the StackIdeas Komento comkomento component before 1.7.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors related to "checking new comments."...

CVE-2014-1837

Cross-site scripting XSS vulnerability in the StackIdeas Komento comkomento component before 1.7.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors related to "checking new comments."...

CVE-2014-1837

CVE-2014-1837 describes a cross-site scripting (XSS) vulnerability in the StackIdeas Komento (com_komento) component for Joomla! prior to version 1.7.4. The issue allows remote attackers to inject arbitrary web script or HTML via vectors related to adding or checking new comments. The NVD entry i...

CVE-2014-0793

Multiple cross-site scripting XSS vulnerabilities in the StackIdeas Komento comkomento component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the 1 website or 2 latitude parameter in a comment to the default URI...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the StackIdeas Komento comkomento component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the 1 website or 2 latitude parameter in a comment to the default URI...

CVE-2014-0793

Multiple cross-site scripting XSS vulnerabilities in the StackIdeas Komento comkomento component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the 1 website or 2 latitude parameter in a comment to the default URI...

CVE-2014-0793

The CVE-2014-0793 issue affects the Komento Joomla Extension (Stack Ideas) before 1.7.3. The vulnerability is a Cross‑Site Scripting (XSS) flaw in user-supplied data passed via the website and latitude fields in a comment submitted to ?option=com_komento, enabling remote attackers to inject arbit...

Joomla StackIdeas Extensions Multiple Vulnerabilities

Affected extensions: - SectionEx - Komento - Easy Discuss - Easy Blog - Easy Social P.S Tests were performed without an user account, there is a high probability that there's more vulnerabilities...

Joomla com_sectionex v2.5.96 SQL Injection vulnerabilities

------------------------------------------------------------------------------------- Joomla comsectionex v2.5.96 SQL Injection vulnerabilities ------------------------------------------------------------------------------------- == Description == - Software link: http://stackideas.com/sectionex ...

Joomla SectionEx 2.5.96 SQL Injection

------------------------------------------------------------------------------------- Joomla comsectionex v2.5.96 SQL Injection vulnerabilities ------------------------------------------------------------------------------------- == Description == - Software link: http://stackideas.com/sectionex ...