Lucene search

[email protected]CVE-2011-4830

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2011-4830

2022-10-0316:15:14

CWE-79

[email protected]

web.nvd.nist.gov

cve

2011

4830

cross-site scripting

xss

vulnerability

com_listing

barter sites

joomla

remote authenticated users

web script

html

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php.

Affected configurations

NVD

Node

barter-sitescom_listingMatch1.3

AND

joomlajoomla\!

CPENameOperatorVersion
barter-sites:com_listingbarter-sites com listingeq1.3

CPE	Name	Operator	Version
barter-sites:com_listing	barter-sites com listing	eq	1.3

References

docs.joomla.org/Vulnerable_Extensions_List#Barter_Sites_1.3

my.barter-sites.com/index.php?option=com_content&view=article&id=6&Itemid=25

www.exploit-db.com/exploits/18046

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

JSON

Related for CVE-2011-4830

cvelist1 checkpoint_advisories1 prion1 nvd1 openvas2