Home
MEDIUM: 5.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:UDefault status
unaffected
4.0.0-5.4.6
affected
6.0.0-6.1.1
affected
Description
Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.
Problem types
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Product status
4.0.0-5.4.6
6.0.0-6.1.1
Credits
Jorian Woltjer
References
developer.joomla.org/...60704-core-xss-in-com-templates.html