CVE-2019-9920

EUVD-2019-19275
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
7.7 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AC:L/AV:N/A:N/C:N/I:H/PR:L/S:C/UI:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
harmistechnologyje_messenger
1.2.2
𝑥
= Vulnerable software versions
References
https://extensions.joomla.org/extension/je-messenger/
https://github.com/azd-cert/CVE/blob/master/CVEs/CVE-2019-9920.md
https://extensions.joomla.org/extension/je-messenger/
https://github.com/azd-cert/CVE/blob/master/CVEs/CVE-2019-9920.md