CVE-2007-3249
published 2007-06-18CVE-2007-3249: Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php in the Letterman Subscriber (mod_letterman) before 1.2.5 module for Joomla! allows…
PriorityP418medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.93%
77.5th percentile
Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php in the Letterman Subscriber (mod_letterman) before 1.2.5 module for Joomla! allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomla | letterman_subscriber | <= 1.2.3 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://marc.info/?l=full-disclosure&m=118184411720509&w=2http://osvdb.org/36376http://secunia.com/advisories/25670http://www.securityfocus.com/bid/24479http://www.thejfactory.com/http://www.vupen.com/english/advisories/2007/2215https://exchange.xforce.ibmcloud.com/vulnerabilities/34870http://marc.info/?l=full-disclosure&m=118184411720509&w=2http://osvdb.org/36376http://secunia.com/advisories/25670http://www.securityfocus.com/bid/24479http://www.thejfactory.com/http://www.vupen.com/english/advisories/2007/2215https://exchange.xforce.ibmcloud.com/vulnerabilities/34870
2007-06-18
Published