← Back

CVE-2017-7987

nvd nist
Published: Apr 25, 2017Modified: May 13, 2026

JSON object

Loading...
6.1
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.

Affected (57)

Products: Joomla: Joomla!
Joomla
1 product
Joomla!
Configuration A
57 vulnerable
Vulnerable SoftwareAffected Versions
Joomla
Joomla!
Version 3.2.0
Joomla!
Version 3.2.1
Joomla!
Version 3.2.2
Joomla!
Version 3.2.3
Joomla!
Version 3.2.4
Joomla!
Version 3.3.0
Joomla!
Version 3.3.1
Joomla!
Version 3.3.2
Joomla!
Version 3.3.3
Joomla!
Version 3.3.4
Joomla!
Version 3.3.5
Joomla!
Version 3.4.0
Joomla!
Version 3.4.0 alpha
Joomla!
Version 3.4.0 beta1
Joomla!
Version 3.4.0 beta2
Joomla!
Version 3.4.0 beta3
Joomla!
Version 3.4.0 rc1
Joomla!
Version 3.4.1
Joomla!
Version 3.4.1 rc1
Joomla!
Version 3.4.1 rc2
Joomla!
Version 3.4.2
Joomla!
Version 3.4.2 rc1
Joomla!
Version 3.4.3
Joomla!
Version 3.4.4
Joomla!
Version 3.4.5
Joomla!
Version 3.4.6
Joomla!
Version 3.4.7
Joomla!
Version 3.4.8
Joomla!
Version 3.4.8 rc
Joomla!
Version 3.5.0
Joomla!
Version 3.5.0 beta2
Joomla!
Version 3.5.0 beta3
Joomla!
Version 3.5.0 beta4
Joomla!
Version 3.5.0 beta5
Joomla!
Version 3.5.0 beta
Joomla!
Version 3.5.0 rc2
Joomla!
Version 3.5.0 rc3
Joomla!
Version 3.5.0 rc4
Joomla!
Version 3.5.0 rc
Joomla!
Version 3.5.1
Joomla!
Version 3.5.1 rc
Joomla!
Version 3.6.0
Joomla!
Version 3.6.0 alpha
Joomla!
Version 3.6.0 beta1
Joomla!
Version 3.6.0 beta2
Joomla!
Version 3.6.0 rc2
Joomla!
Version 3.6.0 rc
Joomla!
Version 3.6.1
Joomla!
Version 3.6.1 rc1
Joomla!
Version 3.6.1 rc2
Joomla!
Version 3.6.2
Joomla!
Version 3.6.3
Joomla!
Version 3.6.3 rc1
Joomla!
Version 3.6.3 rc2
Joomla!
Version 3.6.3 rc3
Joomla!
Version 3.6.4
Joomla!
Version 3.6.5

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.