Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-4909 โ€” Cross-site Scripting in Joomla !

CWE-79 โ€” Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 68.49%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Joomla !
Timeline
PublishedOct 7
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

โ–ถNVDjoomla/joomla_!1.5.11+11

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-jmmr-9v33-pfw8: Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1โ†—2022-05-17
โ–ถ
CVEList
CVE-2011-4909: Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1โ†—2012-10-07
โ–ถ

๐Ÿ’ฅExploits & PoCs

1
Exploit-DB
Joomla! 1.5.x - Cross-Site Scripting / Information Disclosureโ†—2009-06-01
โ–ถ
CVE-2011-4909 โ€” Cross-site Scripting in Joomla ! | cvebase