Cross site scripting

2010-12-0613:37:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.8%

JSON

Cross-site scripting (XSS) vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CPENameOperatorVersion
sh404sefle2.1.7.761
sh404sefeq1.5.2.255
sh404sefeq1.5.3.296
sh404sefeq1.5.4.302
sh404sefeq1.5.5.388
sh404sefeq1.5.6.398
sh404sefeq1.5.7.407
sh404sefeq1.5.8.432
sh404sefeq1.5.9.434
sh404sefeq1.5.10.446

Name	Operator	Version
sh404sef	le	2.1.7.761
sh404sef	eq	1.5.2.255
sh404sef	eq	1.5.3.296
sh404sef	eq	1.5.4.302
sh404sef	eq	1.5.5.388
sh404sef	eq	1.5.6.398
sh404sef	eq	1.5.7.407
sh404sef	eq	1.5.8.432
sh404sef	eq	1.5.9.434
sh404sef	eq	1.5.10.446

Rows per page:

1-10 of 231

References

dev.anything-digital.com/Forum/Announcements/9100-Urgent-sh404SEF-security-release-Joomla-1.5/

secunia.com/advisories/42430

www.securityfocus.com/bid/45135

twitter.com/jeffchannell/status/8603529560195072