BIT-joomla-2021-26030

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/joomla/BIT-joomla-2021-26030.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-joomla-2021-26030

Aliases

CVE-2021-26030

Published

2025-04-03T14:13:02.387Z

Modified

2025-05-20T10:02:07.006Z

Summary

[20210401] - Core - Escape xss in logo parameter error pages

Details

An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error page

Database specific

{
    "cpes": [
        "cpe:2.3:a:joomla:joomla!:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

https://developer.joomla.org/security-centre/850-20210401-core-escape-xss-in-logo-parameter-error-pages.html
https://nvd.nist.gov/vuln/detail/CVE-2021-26030

Affected packages

Bitnami / joomla

Package

Name: joomla
Purl: pkg:bitnami/joomla

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

3.0.0

Last affected

3.9.25