Description

Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php.

Remediation

References

CVE-2010-1649

Related Vulnerabilities

WordPress Plugin Essential Blocks-Page Builder Gutenberg Blocks, Patterns & Templates Cross-Site Request Forgery (3.8.5)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16217)

Ruby Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0256)

Django Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-28658)

WordPress Plugin WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection-StopBadBots Unspecified Vulnerability (6.66)

Severity

Medium

Classification

CVE-2010-1649 CWE-707

Tags

Missing Update Known Vulnerabilities