Security Advisories
Vulnerabilities identified by Horizon during security assessments and research activities
Horizon Security has identified an Unrestricted File Upload vulnerability involving the Convert Forms extension by Tassos Marinos, mainly used by web applications developed with well-known frameworks such as Joomla. This insecure behavior makes it possible to upload any type of file to the web server, which could allow the distribution of malicious files to the form’s recipients or, depending on the server’s configuration, the potential execution of malicious code on the server hosting the web application.
Thursday, 5 December 2024 | Horizon Security Staff
Horizon Security identified a reflected Cross-Site Scripting (XSS) vulnerability affecting the Convert Forms extension by Tassos Marinos, primarily used by web applications developed with well-known frameworks such as Joomla. This vulnerability allows unauthenticated attackers to create specially crafted malicious web pages that force the victim's web browser to upload a file, containing malicious code in its name, to the web server via the vulnerable file upload functionality of the Convert Forms extension.
Wednesday, 4 December 2024 | Horizon Security Staff