A vulnerability was found in Joomla CMS up to 3.2.2 (Content Management System) and classified as problematic. Affected by this issue is the function com_contact. The manipulation with an unknown input leads to a cross site scripting vulnerability. Using CWE to declare the problem leads to CWE-79. The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Impacted is integrity. CVE summarizes:

Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

The weakness was published 03/04/2014 (Website). The advisory is shared for download at developer.joomla.org. This vulnerability is handled as CVE-2014-7983 since 10/08/2014. The attack may be launched remotely. No form of authentication is required for exploitation. Successful exploitation requires user interaction by the victim. Technical details as well as a exploit are known. The MITRE ATT&CK project declares the attack technique as T1059.007.

It is declared as highly functional. The vulnerability scanner Nessus provides a plugin with the ID 73025 (Joomla! 3.x < 3.2.3 Multiple Vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CGI abuses.

Upgrading to version 3.2.3 eliminates this vulnerability.

The vulnerability is also documented in the databases at X-Force (99763) and Tenable (73025). Similar entries are available at 12308, 68545, 71892 and 71891.

Productinfo

Type

• Content Management System

Vendor

• Joomla

Name

• CMS

Version

• 3.1.2
• 3.1.3
• 3.1.4
• 3.1.5
• 3.1.6
• 3.2.0
• 3.2.1
• 3.2.2

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion