Description

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, as demonstrated by the filter_order parameter to index.php; (3) the query string to the com_newsfeeds component, as demonstrated by an arbitrary parameter to index.php; or (4) the option parameter in a reset.request action to index.php; and, when Internet Explorer or Konqueror is used, (5) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component.

Remediation

References

CVE-2011-2509

Related Vulnerabilities

WordPress Plugin Contact Form 7 Security Bypass (3.7.1)

Oracle JRE CVE-2013-0445 Vulnerability (CVE-2013-0445)

WordPress Plugin 3dady real-time web stats Cross-Site Request Forgery (1.0)

Python CVE-2022-42919 Vulnerability (CVE-2022-42919)

PHP CVE-2016-6174 Vulnerability (CVE-2016-6174)

Severity

Medium

Classification

CVE-2011-2509 CWE-707

Tags

Missing Update Known Vulnerabilities