CVE-2023-38045: Extension - admiror-design-studio.com - XSS in Admiror Gallery component for Joomla 5.0.0-5.2.0
First published: Mon Aug 07 2023(Updated: )
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements.
Credit: security@joomla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Admiror Gallery | >=5.0.0<=5.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-38045?
CVE-2023-38045 is classified as a medium severity vulnerability due to its potential for cross-site scripting (XSS) attacks.
How do I fix CVE-2023-38045?
To fix CVE-2023-38045, update the oneVote component for Joomla to the latest version as advised by the vendor.
What software versions are affected by CVE-2023-38045?
CVE-2023-38045 affects the oneVote component for Joomla versions between 5.0.0 and 5.2.0.
Can CVE-2023-38045 affect my Joomla installation?
Yes, if you are using the affected versions of the oneVote component in Joomla, your installation could be at risk.
What type of vulnerability is CVE-2023-38045?
CVE-2023-38045 is an improper neutralization of input during web page generation, leading to cross-site scripting (XSS) vulnerabilities.
- agent/author
- agent/type
- agent/softwarecombine
- agent/severity
- agent/title
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/admiror-design-studio
- canonical/admiror gallery
- version/admiror gallery/5.0.0
- version/admiror gallery/5.2.0