Description

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component. NOTE: vector 2 exists because of an incomplete fix for CVE-2011-2509.5.

Remediation

References

CVE-2011-2710

Related Vulnerabilities

WeBid Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-1000867)

WordPress Plugin Booking Calendar Cross-Site Request Forgery (9.2.1)

WordPress Plugin Shopping Cart Multiple SQL Injection and Arbitrary File Upload Vulnerabilities (8.1.14)

Atlassian Jira CVE-2019-20898 Vulnerability (CVE-2019-20898)

MySQL CVE-2021-35612 Vulnerability (CVE-2021-35612)

Severity

Medium

Classification

CVE-2011-2710 CWE-707

Tags

Missing Update Known Vulnerabilities