CVE-2011-2509Cross-site Scripting in Joomla Joomla-cms

CWE-79Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.0%
top 90.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Joomla Joomla-cmsJoomla !
Timeline
PublishedJul 27
Latest updateMay 14

Description

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, as demonstrated by the filter_order parameter to index.php; (3) the query string to the com_newsfeeds component, as demonstrated by an arbitrary parameter to index.php; or (4) the option parameter in a

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDjoomla/joomla_!1.6.3+27
Packagistjoomla/joomla-cms< 1.6.4

🔴Vulnerability Details

3
GHSA
Joomla! vulnerable to Cross-site Scripting2022-05-14
OSV
Joomla! vulnerable to Cross-site Scripting2022-05-14
CVEList
CVE-2011-2509: Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 12011-07-27