CVE-2024-21731

Improper handling of input could lead to an XSS vector in the StringHelper::truncate method.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

History

16 Aug 2024, 14:54

Type Values Removed Values Added
CPE cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
First Time Joomla
Joomla joomla\!
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
Summary
  • (es) El manejo inadecuado de la entrada podría generar un vector XSS en el método StringHelper::truncate.
References () https://developer.joomla.org/security-centre/937-20240703-core-xss-in-stringhelper-truncate-method.html - () https://developer.joomla.org/security-centre/937-20240703-core-xss-in-stringhelper-truncate-method.html - Vendor Advisory

09 Jul 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-09 17:15

Updated : 2024-08-16 14:54


NVD link : CVE-2024-21731

Mitre link : CVE-2024-21731

CVE.ORG link : CVE-2024-21731


JSON object : View

Products Affected

joomla

  • joomla\!
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')