Description

The cross-site scripting (XSS) countermeasures in class.inputfilter.php in Joomla! 1.0.7 allow remote attackers to cause a denial of service via a crafted mosmsg parameter to index.php with a malformed sequence of multiple tags, as demonstrated using "<<>AAA<><>", possibly due to nested or empty tags.

Remediation

References

CVE-2006-1029

Related Vulnerabilities

WordPress 4.8.x PHP Object Injection (4.8 - 4.8.16)

MySQL CVE-2019-2752 Vulnerability (CVE-2019-2752)

WordPress Plugin FV Flowplayer Video Player SQL Injection (7.3.18.727)

Jboss EAP Improper Input Validation Vulnerability (CVE-2011-4314)

WordPress Plugin Premmerce Wishlist for WooCommerce Security Bypass (1.1.2)

Severity

Medium

Classification

CVE-2006-1029

Tags

Missing Update Known Vulnerabilities