CVE-2007-5577 — Cross-site Scripting in Joomla !

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 79.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Joomla !

Timeline

PublishedOct 18

Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New Menu Item.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDjoomla/joomla_!< 1.0.13

Patches

Patch: joomlacode.org ↗Patch: secunia.com ↗Patch: joomlacode.org ↗

🔴Vulnerability Details

GHSA

GHSA-jj42-23mj-m8hv: Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

Joomla! Component mosmedia 1.0.8 - Remote File Inclusion↗2007-04-11

▶