Description

Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php.

Remediation

References

CVE-2010-1649

Related Vulnerabilities

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-9788)

WordPress Plugin Zotpress 'zotpress.rss.php' SQL Injection (4.4)

WordPress CVE-2014-5203 Vulnerability (CVE-2014-5203)

WordPress Plugin Advanced Woo Search Information Disclosure (1.99)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.2)

Severity

Medium

Classification

CVE-2010-1649 CWE-707

Tags

Missing Update Known Vulnerabilities