Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4532

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-4532
Last Modified 01 Nov 2012 12:28:08
Published 31 Oct 2012 12:55:05
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4532

Summary

Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Joomla%21 2.5.0

  • Joomla%21 2.5.1

  • Joomla%21 2.5.2

  • Joomla%21 2.5.3

  • Joomla%21 2.5.4

  • Joomla%21 2.5.5

  • Joomla%21 2.5.6


References

OSVDB - 83490

MLIST - [oss-security] 20121019 Re: CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7

MLIST - [oss-security] 20121007 CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7

CONFIRM - http://www.joomla.org/announcements/release-news/5463-joomla-2-5-7-released.html

MISC - http://www.darksecurity.de/advisories/2012/SSCHADV2012-014.txt

SECUNIA - 49678

CONFIRM - http://developer.joomla.org/security/news/540-20120902-core-xss-vulnerability


Last Updated: 27 May 2016 10:49:48