What the vulnerability does
01Description
A reflected XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 28 Joomla was discovered. The issue allows remote attackers to inject arbitrary web script or HTML via the crafted parameter.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
What the vulnerability does
A reflected XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 28 Joomla was discovered. The issue allows remote attackers to inject arbitrary web script or HTML via the crafted parameter.
Explanation of Vulnerability in Simple Terms
RSMail! for Joomla contains a cross-site scripting (XSS) vulnerability in versions 1.19.20 through 1.22.28. An attacker can inject malicious scripts that execute in a user's browser when they interact with affected pages. The vulnerability requires user interaction to trigger. Update to a version newer than 1.22.28 to resolve this issue.
What an attacker can do
Inject malicious scripts that run in users' browsers when they visit or interact with affected pages.
Potential impact on your site
Attackers can steal session cookies, redirect users, or deface content visible to site visitors.
Conditions required to exploit
Network access to the Joomla site; victim must click a link or visit a page containing the injected script.
Key dates
External resources
Related vulnerabilities