CVE-2020-13763

Published: Jun 2, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users.

Affected (5)

Products: Joomla: Joomla!

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Joomla Joomla!	From 2.5.1 to 3.9.19
Joomla Joomla!	Version 2.5.0
Joomla Joomla!	Version 2.5.0 beta1
Joomla Joomla!	Version 2.5.0 beta2
Joomla Joomla!	Version 2.5.0 rc1

Related CWEs

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References (2)

https://developer.joomla.org/security-centre/814-20200602-core-inconsistent-default-textfilter-settings

Source: cve@mitre.org

Vendor Advisory

https://developer.joomla.org/security-centre/814-20200602-core-inconsistent-default-textfilter-settings

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.