Cross site scripting

2010-06-0800:30:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to “various administrator screens,” possibly the search parameter in administrator/index.php.

CPENameOperatorVersion
joomla\\!eq1.5.11
joomla\\!eq1.5.13
joomla\\!eq1.5.3
joomla\\!eq1.5.2
joomla\\!eq1.5.9
joomla\\!eq1.5.16
joomla\\!eq1.5.4
joomla\\!eq1.5.10
joomla\\!eq1.5.7
joomla\\!eq1.5.0

Name	Operator	Version
joomla\\!	eq	1.5.11
joomla\\!	eq	1.5.13
joomla\\!	eq	1.5.3
joomla\\!	eq	1.5.2
joomla\\!	eq	1.5.9
joomla\\!	eq	1.5.16
joomla\\!	eq	1.5.4
joomla\\!	eq	1.5.10
joomla\\!	eq	1.5.7
joomla\\!	eq	1.5.0

Rows per page:

1-10 of 181

References

developer.joomla.org/security/news/314-20100501-core-xss-vulnerabilities-in-back-end.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29

secunia.com/advisories/39964

www.osvdb.org/65011

www.securityfocus.com/bid/40444