VYPR
Medium severity6.1NVD Advisory· Published Mar 22, 2017· Updated Jun 17, 2026

CVE-2017-5673

CVE-2017-5673

Description

In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS. Six files are affected: crypsis/layouts/message/item/default.php, crypsis/layouts/message/item/top/default.php, crypsis/layouts/message/item/bottom/default.php, crypsisb3/layouts/message/item/default.php, crypsisb3/layouts/message/item/top/default.php, and crypsisb3/layouts/message/item/bottom/default.php. This is fixed in 5.0.5.

Affected products

4
  • Kunena/Kunena4 versions
    cpe:2.3:a:kunena:kunena:5.0.2:*:*:*:*:joomla\!:*:*+ 3 more
    • cpe:2.3:a:kunena:kunena:5.0.2:*:*:*:*:joomla\!:*:*
    • cpe:2.3:a:kunena:kunena:5.0.3:*:*:*:*:joomla\!:*:*
    • cpe:2.3:a:kunena:kunena:5.0.4:*:*:*:*:joomla\!:*:*
    • (no CPE)range: 5.0.2 - 5.0.4

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.