CVE-2024-26279

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-26279
The wrapper extensions do not correctly validate inputs, leading to XSS vectors.

6.1 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://developer.joomla.org/security-centre/938-20240704-core-xss-in-wrapper-extensions.html Vendor Advisory
https://developer.joomla.org/security-centre/938-20240704-core-xss-in-wrapper-extensions.html Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
History

19 Jul 2024, 18:53

Type Values Removed Values Added
CWE CWE-79
First Time Joomla joomla\!
Joomla
References () https://developer.joomla.org/security-centre/938-20240704-core-xss-in-wrapper-extensions.html - () https://developer.joomla.org/security-centre/938-20240704-core-xss-in-wrapper-extensions.html - Vendor Advisory
CPE cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.1

10 Jul 2024, 09:15

Type Values Removed Values Added
Summary Inadequate content filtering leads to XSS vulnerabilities in various components. The wrapper extensions do not correctly validate inputs, leading to XSS vectors.
References
  • {'url': 'https://developer.joomla.org/security-centre/929-20240205-core-inadequate-content-filtering-within-the-filter-code.html', 'name': 'https://developer.joomla.org/security-centre/929-20240205-core-inadequate-content-filtering-within-the-filter-code.html', 'tags': [], 'refsource': ''}
  • () https://developer.joomla.org/security-centre/938-20240704-core-xss-in-wrapper-extensions.html -

09 Jul 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-09 17:15

Updated : 2025-03-25 18:15

NVD link : CVE-2024-26279

Mitre link : CVE-2024-26279

JSON object : View

Products Affected

joomla

  • joomla\!
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')