Lucene search

MitreCVE-2009-4651

HistoryFeb 22, 2010 - 9:30 p.m.

CVE-2009-4651

2010-02-2221:30:00

CWE-79

mitre

web.nvd.nist.gov

cve-2009-4651

cross-site scripting

xss

webee comments

com_webeecomment

joomla!

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

57.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors.

Affected configurations

Nvd

Node

onnogroencom_webeecommentMatch1.1.1

onnogroencom_webeecommentMatch1.2

onnogroencom_webeecommentMatch2.0

AND

joomlajoomla\!

VendorProductVersionCPE
onnogroencom_webeecomment1.1.1cpe:2.3:a:onnogroen:com_webeecomment:1.1.1:*:*:*:*:*:*:*
onnogroencom_webeecomment1.2cpe:2.3:a:onnogroen:com_webeecomment:1.2:*:*:*:*:*:*:*
onnogroencom_webeecomment2.0cpe:2.3:a:onnogroen:com_webeecomment:2.0:*:*:*:*:*:*:*
joomlajoomla\!*cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
onnogroen	com_webeecomment	1.1.1	cpe:2.3:a:onnogroen:com_webeecomment:1.1.1:::::::*
onnogroen	com_webeecomment	1.2	cpe:2.3:a:onnogroen:com_webeecomment:1.2:::::::*
onnogroen	com_webeecomment	2.0	cpe:2.3:a:onnogroen:com_webeecomment:2.0:::::::*
joomla	joomla\!	*	cpe:2.3:a:joomla:joomla\!::::::::

References

jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html

www.securityfocus.com/bid/38204

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

57.0%

JSON

Related for CVE-2009-4651