What the vulnerability does
01Description
A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H
What the vulnerability does
A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered.
Explanation of Vulnerability in Simple Terms
The No Boss Testimonials component for Joomla versions 4.0.0 through 4.0.2 contains a cross-site scripting (XSS) vulnerability. An attacker can inject malicious scripts that execute in the browsers of site visitors. The vulnerability requires user interaction—typically clicking a malicious link—but can affect both confidentiality and integrity of user sessions.
What an attacker can do
Inject malicious scripts that run in visitors' browsers, stealing session cookies or modifying page content.
Potential impact on your site
Visitor accounts and data at risk; attackers can steal credentials or deface content seen by your users.
Conditions required to exploit
Network access and user interaction (victim must click a malicious link or visit an attacker-controlled page).
Key dates
External resources
Related vulnerabilities