CVE-2017-7984 — Cross-site Scripting in Joomla !

Severity

6.1MEDIUMNVD

EPSS

0.0%

top 98.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedApr 25

Latest updateMay 17

Description

In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component.

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

▶NVDjoomla/joomla_!28 versions+27

GHSA

GHSA-rh7f-mxh6-pf6v: In Joomla! 3↗2022-05-17

▶

CVEList

CVE-2017-7984: In Joomla! 3↗2017-04-25

▶

Bugzilla

CVE-2017-16906 CVE-2017-16907 CVE-2017-16908 php-horde-horde: Multiple vulnerabilities↗2017-11-21

▶