Description

Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to index.php in the com_weblinks or com_content component.

Remediation

References

CVE-2010-3712

Related Vulnerabilities

WordPress Plugin Count per Day Information Disclosure (3.2.5)

WordPress Plugin WPMovieLibrary Multiple Cross-Site Scripting Vulnerabilities (2.1.4.1)

Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-2059)

Drupal Core 8.x.x Cross-Site Scripting (8.0.0 - 8.4.6)

MySQL CVE-2017-10313 Vulnerability (CVE-2017-10313)

Severity

Medium

Classification

CVE-2010-3712 CWE-707

Tags

Missing Update Known Vulnerabilities