What the vulnerability does
01Description
A stored XSS vulnerability in ProFiles component 1.0-1.5.0 for Joomla was discovered.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
What the vulnerability does
A stored XSS vulnerability in ProFiles component 1.0-1.5.0 for Joomla was discovered.
Explanation of Vulnerability in Simple Terms
The ProFiles component for Joomla contains a cross-site scripting (XSS) vulnerability that allows authenticated administrators to inject malicious scripts. An attacker with high-level privileges and user interaction can execute arbitrary JavaScript in the context of other users' browsers. This vulnerability requires network access and administrator credentials to exploit.
What an attacker can do
Inject and execute malicious JavaScript code in other users' browsers.
Potential impact on your site
Administrators with malicious intent can steal session tokens, modify site content, or compromise other admin accounts.
Conditions required to exploit
Administrator account access and user interaction (victim must visit a crafted page).
Key dates
External resources
Related vulnerabilities