We just released Komento 2.0.7 to address a security issue where a remote attacker may be able to launch an xss attack in prior versions of Komento.
update notice: https://stackideas.com/blog/important-komento-2-0-7-security-fix
-
Home
-
Vulnerable Extensions
-
Resolved Extensions
- Komento 2.0.6 xss
Vulnerable Extensions
- osTicky2, , Other
- EasyShop, 1.4.1, XSS (Cross Site Scripting)
- LivingWord, , XSS (Cross Site Scripting)
- Plugin Creative Gallery , , SQL Injection
- Proforms Basic via sort_order parameter, , SQL Injection
- EXTPLORER, 2.1.15, XSS (Cross Site Scripting)
- LM-CUSTOM-ADMIN, , Other
- admirror gallery, , XSS (Cross Site Scripting)
- Proforms Basic Joomla Module, , Other
- acymailing, pre 8.7.0 , Other
Resolved Extensions
- HikaShop, 5.1.1, XSS (Cross Site Scripting)
- Advanced custom fields, 2.7.7, SQL Injection
- Phoca Gallery, 5.0.0, XSS (Cross Site Scripting)
- HikaShop Starter 4.7.5 [2308101603], HikaShop Starter 4.7.5 [2308101603], XSS (Cross Site Scripting)
- LazyDbBackup, 3.9.0, Other
- Virtual Classroom, , SQL Injection
- bagallery , , Other
- Solidres, 2.13.3, XSS (Cross Site Scripting)
- Edocman 1.24.7 - XSS issue fixed
- quickform, , Other