Home
MEDIUM: 5.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:UDefault status
unaffected
3.9.0-5.4.1
affected
6.0.0-6.0.1
affected
Description
Lack of output escaping leads to a XSS vector in the pagebreak plugin.
Problem types
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Product status
3.9.0-5.4.1
6.0.0-6.0.1
Credits
peterhulst
References
developer.joomla.org/...-vector-in-the-pagebreak-plugin.html