CVE-2007-4189Cross-site Scripting in Joomla !

CWE-79Cross-site Scripting4 documents2 sources
Severity
4.3MEDIUMNVD
EPSS
0.0%
top 93.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Joomla !Joomla
Timeline
PublishedAug 8
Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDjoomla/joomla_!< 1.0.13
NVDjoomla/joomla1.0.13

Patches

Patch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-q6xx-2fjc-hr82: Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 12022-05-01
GHSA
GHSA-4729-w6h8-2738: Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 12022-05-01