vendor:
jDownloads
by:
Sureshbabu Narvaneni
6.1
CVSS
MEDIUM
Cross-site scripting (XSS)
79
CWE
Product Name: jDownloads
Affected Version From: 3.2.58
Affected Version To: 3.2.59
Patch Exists: YES
Related CWE: CVE-2018-10068
CPE: a:jdownloads:jdownloads
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: Win7 Enterprise x86/Kali Linux 4.12 i686
2018
Joomla! Component jDownloads 3.2.58 – Cross Site Scripting
Cross-site scripting (XSS) vulnerability in plupoad flash component in jDownloads before 3.2.59 allows remote attackers to inject arbitrary web script.
Mitigation:
Upgrade to latest release.