CVE-2013-3931

Current Description

Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to inject arbitrary web script or HTML via the property_name parameter, related to editing property details.

Basic Data

Published: January 02, 2020
Last Modified: January 09, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-79
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: SINGLE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 3.5
Severity: LOW
Exploitability Score: 6.8
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version: 2.3
    Part: Application
    Vendor: Jomres
    Product: Jomres
    Version: *
    Update: *
    Edition: *
    Language: *
    SW Edition: *
    Target SW: joomla!
    Target HW: *
    Other: *
    Version Start Including: -
    Version End Including: -
    Version Start Excluding: -
    Version End Excluding: 7.3.1

Vulnerable Software List

Vendor: Jomres
Product: Jomres
Versions: *

References

  • http://www.securityfocus.com/bid/61634 (Source: MISC; Tags: Third Party Advisory, VDB Entry)
  • https://exchange.xforce.ibmcloud.com/vulnerabilities/86251 (Source: MISC; Tags: Third Party Advisory, VDB Entry)
  • https://www.joomlacorner.com/joomla-news/joomla-vulnerability-news/834-joomla-jomres-component-script-insertion-and-sql-injection-vulnerabilities.html (Source: MISC; Tags: Third Party Advisory)