{"id":"CVE-2017-5673","details":"In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS. Six files are affected: crypsis/layouts/message/item/default.php, crypsis/layouts/message/item/top/default.php, crypsis/layouts/message/item/bottom/default.php, crypsisb3/layouts/message/item/default.php, crypsisb3/layouts/message/item/top/default.php, and crypsisb3/layouts/message/item/bottom/default.php. This is fixed in 5.0.5.","modified":"2026-04-10T04:01:43.594503Z","published":"2017-03-22T17:59:00.173Z","references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/101677"},{"type":"EVIDENCE","url":"http://www.fox.ra.it/technical-articles/kunena-vulnerability-2017-01.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kunena/kunena-forum","events":[{"introduced":"0"},{"last_affected":"4719caed961a3fc4d70d2083f5820359211c70cf"},{"introduced":"0"},{"last_affected":"babce30e4962ea8546ac9ca0f03123548be9a307"},{"introduced":"0"},{"last_affected":"7f7696ce53b7a57c7affa5cf4190e07c5f105383"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.0.2"},{"introduced":"0"},{"last_affected":"5.0.3"},{"introduced":"0"},{"last_affected":"5.0.4"}]}}],"versions":["2.0.0","2.0.1","2.0.2","4.0.0","4.0.0-Beta1","4.0.0-Beta2","4.0.0-Beta3","4.0.0-RC1","5.0.0","5.0.0-Beta1","5.0.0-Beta2","5.0.0-Beta3","5.0.0-Beta4","5.0.0-Beta5","5.0.0-RC1","5.0.0-RC2","5.0.0-RC3","5.0.0-RC4","5.0.0-RC5","5.0.1","5.0.2","5.0.3","5.0.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5673.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}