Description

CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2007-4190

Related Vulnerabilities

Joomla Improper Input Validation Vulnerability (CVE-2020-35616)

WordPress Plugin Sell Photo Cross-Site Scripting (1.0.5)

Joomla Other Vulnerability (CVE-2006-7009)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-6333)

Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0909)

Severity

Medium

Classification

CVE-2007-4190 CWE-138

Tags

Missing Update Known Vulnerabilities