Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2011-2710
Last Modified 25 Nov 2011 10:56:06
Published 27 Jul 2011 04:55:03
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2710

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) the searchword parameter in a search action to index.php in the com_search component. NOTE: vector 2 exists because of an incomplete fix for CVE-2011-2509.5.

Vulnerable Systems

Application

  • Joomla! 1.5.0
  • Joomla! 1.5.1
  • Joomla! 1.5.10
  • Joomla! 1.5.11
  • Joomla! 1.5.12
  • Joomla! 1.5.13
  • Joomla! 1.5.14
  • Joomla! 1.5.15
  • Joomla! 1.5.16
  • Joomla! 1.5.17
  • Joomla! 1.5.18
  • Joomla! 1.5.19
  • Joomla! 1.5.2
  • Joomla! 1.5.20
  • Joomla! 1.5.21
  • Joomla! 1.5.22
  • Joomla! 1.5.23
  • Joomla! 1.5.3
  • Joomla! 1.5.4
  • Joomla! 1.5.5
  • Joomla! 1.5.6
  • Joomla! 1.5.7
  • Joomla! 1.5.8
  • Joomla! 1.5.9
  • Joomla! 1.6
  • Joomla! 1.6.0
  • Joomla! 1.6.1
  • Joomla! 1.6.3
  • Joomla! 1.6.4
  • Joomla! 1.6.5
  • Joomla! 1.6.6


References

MISC - http://yehg.net/lab/pr0js/advisories/joomla/core/[joomla_1.7.0-rc]_cross_site_scripting(XSS)

MLIST - [oss-security] 20111121 Re: Fwd: XSS vulnerability in Joomla 1.6.3 - CVE-2011-2710 / CVE-2011-2708 issue

MLIST - [oss-security] 20111016 Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710

MLIST - [oss-security] 20110722 Re: CVE Request: Joomla! 1.7.0-RC and lower | Cross Site Scripting Vulnerabilities

MLIST - [oss-security] 20110722 CVE Request: Joomla! 1.7.0-RC and lower | Cross Site Scripting Vulnerabilities

CONFIRM - http://developer.joomla.org/security/news/357-20110701-xss-vulnerability.html


Last Updated: 27 May 2016 10:57:05