K2,2.7.0,XSS (Cross Site Scripting)
resolution: update to 2.7.1
update notice url: https://getk2.org/blog/2571-k2-v271-released
Note that the VEL do not agree with the developer's assessment that XSS vulnerability is low priority
.
-
Home
-
Vulnerable Extensions
-
Resolved Extensions
- K2,2.7.0,XSS (Cross Site Scripting)
Vulnerable Extensions
- osTicky2, , Other
- EasyShop, 1.4.1, XSS (Cross Site Scripting)
- LivingWord, , XSS (Cross Site Scripting)
- Plugin Creative Gallery , , SQL Injection
- Proforms Basic via sort_order parameter, , SQL Injection
- EXTPLORER, 2.1.15, XSS (Cross Site Scripting)
- LM-CUSTOM-ADMIN, , Other
- admirror gallery, , XSS (Cross Site Scripting)
- Proforms Basic Joomla Module, , Other
- acymailing, pre 8.7.0 , Other
Resolved Extensions
- HikaShop, 5.1.1, XSS (Cross Site Scripting)
- Advanced custom fields, 2.7.7, SQL Injection
- Phoca Gallery, 5.0.0, XSS (Cross Site Scripting)
- HikaShop Starter 4.7.5 [2308101603], HikaShop Starter 4.7.5 [2308101603], XSS (Cross Site Scripting)
- LazyDbBackup, 3.9.0, Other
- Virtual Classroom, , SQL Injection
- bagallery , , Other
- Solidres, 2.13.3, XSS (Cross Site Scripting)
- Edocman 1.24.7 - XSS issue fixed
- quickform, , Other