CVE-2021-26032Cross-site Scripting in Joomla !

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.7%
top 27.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Joomla !Joomla! Project Joomla! CMS
Timeline
PublishedMay 26
Latest updateMay 24

Description

An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDjoomla/joomla_!3.0.03.9.26
CVEListV5joomla!_project/joomla!_cms3.0.0-3.9.26

🔴Vulnerability Details

2
GHSA
GHSA-jjxj-55qc-vc28: An issue was discovered in Joomla! 32022-05-24
CVEList
[20210501] - Core - Adding HTML to the executable block list of MediaHelper::canUpload2021-05-26
CVE-2021-26032 — Cross-site Scripting in Joomla ! | cvebase