CVE-2019-9920

An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
7.7 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AC:L/AV:N/A:N/C:N/I:H/PR:L/S:C/UI:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
harmistechnologyje_messenger
1.2.2
𝑥
= Vulnerable software versions
References
https://extensions.joomla.org/extension/je-messenger/
https://github.com/azd-cert/CVE/blob/master/CVEs/CVE-2019-9920.md
https://extensions.joomla.org/extension/je-messenger/
https://github.com/azd-cert/CVE/blob/master/CVEs/CVE-2019-9920.md