CVE-2007-4189
Published 2007-08-08
Priority P4 · 16 · medium · 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.87% (76.8th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components. NOTE: some of these details are obtained from third party information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomla | joomla | <= 1.0.13 | — |
| joomla | joomla_! | < 1.0.13 | 1.0.13 |
GHSA
GHSA-q6xx-2fjc-hr82: Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1
ghsa_unreviewed · 2022-05-01
CVE-2007-4189 [MEDIUM] CWE-79
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components. NOTE: some of these details are obtained from third party information.
GHSA
GHSA-4729-w6h8-2738: Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1
ghsa_unreviewed · 2022-05-01 · CVSS 4.3
CVE-2007-5427 [MEDIUM] CWE-79
Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1.0.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. NOTE: this might be related to CVE-2007-4189.1.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://osvdb.org/38755
http://osvdb.org/38756
http://osvdb.org/38757
http://secunia.com/advisories/26239
http://www.joomla.org/content/view/3677/1/
http://www.vupen.com/english/advisories/2007/2719
Published: 2007-08-08