What the vulnerability does
01Description
A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
What the vulnerability does
A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads.
Explanation of Vulnerability in Simple Terms
The Quantum Manager component for Joomla contains a cross-site scripting (XSS) vulnerability that allows high-privilege users to inject malicious scripts. An attacker with administrator or manager access can craft input that executes JavaScript in other users' browsers, potentially compromising site security or stealing session data. Update to a patched version when available.
What an attacker can do
Inject JavaScript that runs in other users' browsers, potentially stealing sessions or modifying site content.
Potential impact on your site
A compromised admin or manager account can inject malicious scripts affecting all site visitors and other administrators.
Conditions required to exploit
Attacker must have high-level Joomla user privileges (administrator or manager role).
Key dates
External resources
Related vulnerabilities