What the vulnerability does
01Description
Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
What the vulnerability does
Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla.
Explanation of Vulnerability in Simple Terms
The EasyDiscuss extension for Joomla contains a cross-site scripting (XSS) vulnerability that allows authenticated users to inject malicious scripts into the application. An attacker with low-level account access can craft input that executes in other users' browsers when they view affected content. This can lead to session hijacking, credential theft, or unauthorized actions performed on behalf of victims.
What an attacker can do
Inject and execute malicious JavaScript in other users' browsers to steal sessions, credentials, or perform actions as the victim.
Potential impact on your site
Authenticated users can compromise other users' accounts and data; site reputation and user trust are at risk.
Conditions required to exploit
Attacker must have a low-privilege Joomla account and the victim must view a page containing the attacker's malicious input.
Key dates
External resources
Related vulnerabilities