Vulnerabilities > Kunena > Kunena > 5.0.3

DATE CVE VULNERABILITY TITLE RISK
2020-02-25 CVE-2016-11020 Unrestricted Upload of File with Dangerous Type vulnerability in Kunena 5.0.2/5.0.3
Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png.
network
low complexity
kunena CWE-434
7.5
7.5
2019-08-16 CVE-2019-15120 Cross-site Scripting vulnerability in Kunena
The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode.
network
low complexity
kunena CWE-79
5.4
5.4
2017-03-22 CVE-2017-5673 Cross-site Scripting vulnerability in Kunena 5.0.2/5.0.3/5.0.4
In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS.
network
kunena CWE-79
4.3
4.3