CVE-2021-23124

Medium

An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks.

Joomla·CWE-79·Published 2021-01-12

CVSS

6.1

EPSS

0.81

KEV

Exploits

cve.orgen

137 chars

An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks.

NVDen

137 chars

An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks.

NVDes

158 chars

Se detectó un problema en Joomla! versiones 3.9.0 hasta 3.9.23. Una falta de escape en el atributo aria-label de mod_breadcrumbs permite ataques XSS

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
3.1	Primary	NVD	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N