Vulnerabilities > Kunena

DATE CVE VULNERABILITY TITLE RISK
2020-02-25 CVE-2016-11020 Unrestricted Upload of File with Dangerous Type vulnerability in Kunena
Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png.
network
low complexity
kunena CWE-434
critical
9.8
2019-08-16 CVE-2019-15120 Cross-site Scripting vulnerability in Kunena
The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode.
network
low complexity
kunena CWE-79
5.4
2017-03-22 CVE-2017-5673 Cross-site Scripting vulnerability in Kunena 5.0.2/5.0.3/5.0.4
In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS.
network
low complexity
kunena CWE-79
6.1