According to the report, successful exploitation of these flaws could lead to scenarios such as cross-site scripting (XSS) and request forgery attacks, among others.
The first of the reported flaws exists due to inadequate sanitization of user input in the header tag option in some CMS modules and would allow cross-site scripting (XSS) attacks.
The second reported vulnerability, with a CVSS score of 5.7/10, exists because the default setting of the “textfilter” function does not block HTML input from ‘Guest’ users, which would allow malicious hackers to carry out an XSS attack.
The third reported vulnerability exists due to inadequate sanitization of the data entered into com_modules; a remote hacker could trick a target user into opening a specially crafted link in order to execute arbitrary HTML in the context of a vulnerable website.
This flaw received a CVSS score of 5.3/10, so it is considered low risk even though it could be exploited remotely by unauthenticated hackers.
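The root causes of the first two flaws, an unvalidated header tag option and a text filter whose default lets HTML from ‘Guest’ users through, can be shown next to their hardened forms. The sketch below is an added example, not the CMS's own code; every function name, policy name and sample input is hypothetical and constructed for illustration.

```python
import html

# Hypothetical allowlist: the header tag option may only name a known element.
ALLOWED_HEADER_TAGS = {"h1", "h2", "h3", "h4", "h5", "h6", "p", "div"}
DEFAULT_HEADER_TAG = "h3"


def safe_header_tag(option):
    """Return the option only if it is exactly an allowlisted tag name."""
    tag = str(option).strip().lower()
    return tag if tag in ALLOWED_HEADER_TAGS else DEFAULT_HEADER_TAG


def render_module_title(header_tag_option, title):
    """Build the title markup from a validated tag and an escaped title."""
    tag = safe_header_tag(header_tag_option)
    return f"<{tag}>{html.escape(title)}</{tag}>"


# Hypothetical filter modes: "none" passes text through, "no_html" escapes it.
FILTERS = {
    "none": lambda text: text,
    "no_html": lambda text: html.escape(text, quote=True),
}

# Weak default as described above: HTML submitted by Guest is not blocked.
WEAK_POLICY = {"Guest": "none", "Registered": "no_html"}
# Hardened default: Guest input is always treated as plain text.
HARDENED_POLICY = {"Guest": "no_html", "Registered": "no_html"}


def text_filter(text, group, policy):
    """Apply the group's filter; unknown groups get the strictest mode."""
    mode = policy.get(group, "no_html")
    return FILTERS[mode](text)


if __name__ == "__main__":
    # Constructed sample inputs, used only to compare the two behaviours.
    sample = "<script>alert(1)</script>"
    print(render_module_title("h2 onmouseover=alert(1)", "News"))
    print(text_filter(sample, "Guest", WEAK_POLICY))
    print(text_filter(sample, "Guest", HARDENED_POLICY))
```

The allowlist rejects anything that is not exactly a tag name, so attribute text appended to the option falls back to the default tag rather than reaching the page.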