4Analytics Extension For Joomla
Monthly
Unauthenticated stored cross-site scripting in the 4Analytics analytics extension for Joomla (by weeblr.com) lets a remote attacker inject persistent JavaScript through a specially crafted request, with no login required. Because the payload is stored and later rendered in a privileged context, it can escalate to full website takeover under some conditions. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Stored cross-site scripting in the 4Analytics privacy analytics extension for Joomla (by weeblr.com) lets unauthenticated attackers inject persistent JavaScript that executes when a victim views the AI analysis feature. Because injection requires no authentication (PR:N) but execution requires a victim to open the affected view (UI:A), an attacker can seed malicious script that later runs in a privileged operator's browser session. There is no public exploit identified at time of analysis and the extension is not listed in CISA KEV.
Unauthenticated stored cross-site scripting in the 4Analytics analytics extension for Joomla (by weeblr.com) lets a remote attacker inject persistent JavaScript through a specially crafted request, with no login required. Because the payload is stored and later rendered in a privileged context, it can escalate to full website takeover under some conditions. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Stored cross-site scripting in the 4Analytics privacy analytics extension for Joomla (by weeblr.com) lets unauthenticated attackers inject persistent JavaScript that executes when a victim views the AI analysis feature. Because injection requires no authentication (PR:N) but execution requires a victim to open the affected view (UI:A), an attacker can seed malicious script that later runs in a privileged operator's browser session. There is no public exploit identified at time of analysis and the extension is not listed in CISA KEV.