GHSA-vcq7-x4wr-w2mj
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vcq7-x4wr-w2mj
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vcq7-x4wr-w2mj/GHSA-vcq7-x4wr-w2mj.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vcq7-x4wr-w2mj
- Aliases
-
- CVE-2011-2509
- Published
- 2022-05-14T03:08:10Z
- Modified
- 2025-04-12T02:42:07.438830Z
- Severity
-
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator
- Summary
- Joomla! vulnerable to Cross-site Scripting
- Details
-
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the comcontact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the comcontent component, as demonstrated by the filterorder parameter to index.php; (3) the query string to the comnewsfeeds component, as demonstrated by an arbitrary parameter to index.php; or (4) the option parameter in a reset.request action to index.php; and, when Internet Explorer or Konqueror is used, (5) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component.
- Database specific
{ "nvd_published_at": "2011-07-27T20:55:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2025-04-12T01:57:04Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2011-2509
- http://developer.joomla.org/security/news/352-20110604-xss-vulnerability.html
- http://www.openwall.com/lists/oss-security/2011/06/28/4
- http://www.openwall.com/lists/oss-security/2011/06/29/12
- http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.6.3%5D_cross_site_scripting%28XSS%29
Affected packages
Packagist / joomla/joomla-cms
Package
- Name
- joomla/joomla-cms
- Purl
- pkg:composer/joomla/joomla-cms