What the vulnerability does
01Description
A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H
What the vulnerability does
A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered.
Explanation of Vulnerability in Simple Terms
The CommentBox component for Joomla contains a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into comments. An attacker can craft a comment containing JavaScript code that executes in the browsers of other users viewing the comments. This requires user interaction—the victim must view the affected comment. The vulnerability affects versions 1.0.0 through 1.1.0.
What an attacker can do
Inject JavaScript code that runs in other users' browsers when they view comments.
Potential impact on your site
Attackers can steal session cookies, redirect users, or deface comment sections without needing admin access.
Conditions required to exploit
Network access to the Joomla site; victim must view a comment containing the malicious payload.
Key dates
External resources
Related vulnerabilities