Phoca Cz Phoca Maps For Joomla
Monthly
Stored XSS vulnerabilities in Phoca Maps for Joomla 5.0.0-6.0.2 allow unauthenticated remote attackers to inject and execute arbitrary JavaScript in map and icon rendering logic, potentially compromising user sessions and stealing sensitive data. CVSS 6.5 reflects network accessibility and information disclosure risk, though EPSS (0.03%) suggests low current exploitation likelihood. The vulnerability requires no authentication or user interaction to inject payloads, but stored nature means victims are affected upon viewing contaminated maps.
Stored XSS vulnerabilities in Phoca Maps for Joomla 5.0.0-6.0.2 allow unauthenticated remote attackers to inject and execute arbitrary JavaScript in map and icon rendering logic, potentially compromising user sessions and stealing sensitive data. CVSS 6.5 reflects network accessibility and information disclosure risk, though EPSS (0.03%) suggests low current exploitation likelihood. The vulnerability requires no authentication or user interaction to inject payloads, but stored nature means victims are affected upon viewing contaminated maps.