Cross site scripting

2011-12-1400:55:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
com_hmcommunityle1.0

CPE	Name	Operator	Version
	com_hmcommunity	le	1.0

References

joomlaextensions.co.in/index.php?option=com_jeshop&view=category_detail&Itemid=118&id=38

secunia.com/advisories/46656

www.osvdb.org/76726

www.exploit-db.com/exploits/18050