Description

The Kunena forum extension for Joomla suffers from multiple SQL injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. The vulnerabilities affect Kunena v3.0.5 and earlier.

Remediation

Upgrade to the latest version of Kunena Forum (this problems was fixed in version 3.0.6).

References

Kunena Forum for Joomla Multiple Vulnerabilities

Kunena 3.0.6 Released

Related Vulnerabilities

WordPress Plugin Ivory Search-WordPress Search Cross-Site Scripting (4.7.1)

WordPress Plugin WP Customer Reviews Cross-Site Scripting (3.4.2)

WordPress Plugin Database for Contact Form 7, WPforms, Elementor forms Cross-Site Scripting (1.1.5)

WordPress Plugin WordPress Custom Settings Cross-Site Scripting (1.0)

WordPress Plugin Raygun4WP Cross-Site Scripting (1.8.0)

Severity

High

Classification

CVE-2014-9102 CVE-2014-9103 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

SQL Injection XSS