CVE-2010-1649Cross-site Scripting in Joomla Joomla-cms

CWE-79Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.0%
top 91.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Joomla Joomla-cmsJoomla !
Timeline
PublishedJun 8
Latest updateMay 14

Description

Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDjoomla/joomla_!18 versions+17
Packagistjoomla/joomla-cms1.51.5.18

🔴Vulnerability Details

3
OSV
Joomla! vulnerable to Cross-site Scripting2022-05-14
GHSA
Joomla! vulnerable to Cross-site Scripting2022-05-14
CVEList
CVE-2010-1649: Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 12010-06-07
CVE-2010-1649 — Cross-site Scripting in Joomla | cvebase