What the vulnerability does
01Description
A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 for Joomla allows privileged users to store malicious scripts in gallery items.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
What the vulnerability does
A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 for Joomla allows privileged users to store malicious scripts in gallery items.
Explanation of Vulnerability in Simple Terms
The Balbooa Gallery component for Joomla contains a cross-site scripting (XSS) vulnerability that allows high-privilege users to inject malicious scripts. An attacker with administrative or elevated permissions can craft input that executes JavaScript in other users' browsers, potentially compromising site security or stealing session data. This vulnerability requires authenticated access with high privileges to exploit.
What an attacker can do
Inject JavaScript code that runs in other users' browsers when they view affected pages.
Potential impact on your site
A compromised admin account could inject malicious scripts affecting all site visitors and potentially stealing credentials or session tokens.
Conditions required to exploit
Attacker must have high-level administrative or privileged account access to the Joomla site.
Key dates
External resources
Related vulnerabilities