Описание
An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.8.8 (исключая)
cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
EPSS
Процентиль: 18%
0.00058
Низкий
4.7 Medium
CVSS3
2.6 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 4.7
github
больше 3 лет назад
An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability.
EPSS
Процентиль: 18%
0.00058
Низкий
4.7 Medium
CVSS3
2.6 Low
CVSS2
Дефекты
CWE-79