Convert Forms
CVE-2024-40745
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from Vendor (joomla) · only source for this CVE.
CVSS VectorVendor: joomla
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8.
AnalysisAI
Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8. Affected products include: Convert Forms Project Convert Forms. Version information: before 4.4.8..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Convert Forms
View allThe Convert Forms extension before 2.0.4 for Joomla!. Rated high severity (CVSS 7.8), this vulnerability is no authentic
Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8. Rated criti
Arbitrary file deletion in the Novarain/Tassos Framework system plugin (plg_system_nrframework) and the suite of Tassos.
A SQL injection vulnerability in the Convert Forms component versions 1.0.0-1.0.0 - 4.4.9 for Joomla allows authenticate
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today