Joomla! Kunena Extension CVE-2017-5673 Multiple Cross Site Scripting Vulnerabilities

The Kunena Extension for Joomla! is prone to a multiple cross-site-scripting Vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. These may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Kunena extension 5.0.2 through 5.0.4 are vulnerable.

Information

Bugtraq ID: 101677
Class: Input Validation Error
CVE: CVE-2017-5673

Remote: Yes
Local: No
Published: Mar 22 2017 12:00AM
Updated: Nov 13 2017 05:06PM
Credit: Demis Palma - Fox Labs
Vulnerable: Kunena Kunena 5.0.4
Kunena Kunena 5.0.3
Kunena Kunena 5.0.2

Not Vulnerable: Kunena Kunena 5.0.5

Exploit

An attacker can exploit these issues using a web browser.

References:

• Kunena home page (kunena)
  
• Xss fixed version (Kunena)
  
• Fox.ra (Kunena)
  

Source: www.securityfocus.com