PT-2019-19935 · Joomla · Harmis Je Messenger
Published: 2019-03-29 · Updated: 2023-02-03 · CVE-2019-9919
CVSS v3.1: 5.4 (Medium)
Vector: AC:L/AV:N/A:N/C:L/I:L/PR:L/S:C/UI:R
Name of the Vulnerable Software and Affected Versions
Harmis JE Messenger component version 1.2.2
Description
An issue was discovered in the Harmis JE Messenger component for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened.
Recommendations
For version 1.2.2, consider disabling the execution of JavaScript in received messages until a patch is available. Restrict access to the messaging functionality to minimize the risk of exploitation.
XSS
Affected Products
Harmis Je Messenger