CVE-2013-5956

Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php in the Youtube Gallery (com_youtubegallery) component 3.4.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the videofile parameter.
Configurations

Configuration 1 (hide)

cpe:2.3:a:joomlaboat:com_youtubegallery:3.4.0:*:*:*:*:joomla\!:*:*

History

21 Nov 2024, 01:58

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/125732/Joomla-Youtube-Gallery-3.4.0-Cross-Site-Scripting.html - Exploit () http://packetstormsecurity.com/files/125732/Joomla-Youtube-Gallery-3.4.0-Cross-Site-Scripting.html - Exploit
References () http://seclists.org/fulldisclosure/2014/Mar/264 - Exploit () http://seclists.org/fulldisclosure/2014/Mar/264 - Exploit
References () http://seclists.org/fulldisclosure/2014/Mar/288 - Exploit () http://seclists.org/fulldisclosure/2014/Mar/288 - Exploit

Information

Published : 2014-04-25 14:15

Updated : 2025-04-12 10:46


NVD link : CVE-2013-5956

Mitre link : CVE-2013-5956

CVE.ORG link : CVE-2013-5956


JSON object : View

Products Affected

joomlaboat

  • com_youtubegallery
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')