Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2011-4909
Last Modified 08 Oct 2012 12:00:00
Published 07 Oct 2012 05:55:01
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4909

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php.

Vulnerable Systems

Application

  • Joomla! 1.5.0

  • Joomla! 1.5.1

  • Joomla! 1.5.10

  • Joomla! 1.5.11

  • Joomla! 1.5.2

  • Joomla! 1.5.3

  • Joomla! 1.5.4

  • Joomla! 1.5.5

  • Joomla! 1.5.6

  • Joomla! 1.5.7

  • Joomla! 1.5.8

  • Joomla! 1.5.9


References

BID - 35544

OSVDB - 55589

MLIST - [oss-security] 20111225 Re: CVE-request for three 2009 Joomla issues (second part)

MLIST - [oss-security] 20111225 CVE-request for three 2009 Joomla issues (second part)

SECUNIA - 35668

CONFIRM - http://developer.joomla.org/security/news/298-20090604-core-frontend-xss-httpreferer-not-properly-filtered.html

BUGTRAQ - 20120702 [ISecAuditors Security Advisories] Joomla! < 1.5.12 Multiple XSS vulnerabilities in HTTP Headers


Last Updated: 27 May 2016 11:00:52