Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) img or (2) url tag of a new comment.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Stackideas | Komento | < 2.0.5 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2015/Oct/11Mailing ListThird Party AdvisoryVDB Entry
- https://stackideas.com/changelog/komento?version=2.0.5Release NotesVendor Advisory
- https://www.davidsopas.com/komento-joomla-component-persistent-xss/ExploitThird Party Advisory
- http://seclists.org/fulldisclosure/2015/Oct/11Mailing ListThird Party AdvisoryVDB Entry
- https://stackideas.com/changelog/komento?version=2.0.5Release NotesVendor Advisory
- https://www.davidsopas.com/komento-joomla-component-persistent-xss/ExploitThird Party Advisory
FAQ
What is CVE-2015-7324?
CVE-2015-7324 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web scr...
How severe is CVE-2015-7324?
CVE-2015-7324 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-7324?
Check the references section above for vendor advisories and patch information. Affected products include: Stackideas Komento.