Joomla! Cross Site Scripting Vulnerability Network Vulnerability

Summary

The host is running Joomla! and is prone to Cross site scripting vulnerability.

Impact

Successful exploitation will allow attacker to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to Joomla! 1.5.22 or later, For updates refer to http://www.joomla.org/download.html

Insight

The flaw is caused by improper validation of user-supplied input via the 'ordering' parameter to 'index.php' which allows attackers to execute arbitrary HTML and script code on the web server.

Affected

Joomla! versions 1.0.x through 1.0.15

References

http://osvdb.org/70369
http://xforce.iss.net/xforce/xfdb/64539
http://yehg.net/lab/pr0js/advisories/joomla/core/[joomla_1.0.x~15]_cross_site_scripting

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0005

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Ampache Reflected Cross Site Scripting Vulnerability
Apache mod_proxy_ajp Information Disclosure Vulnerability
Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
Advanced Image Hosting Cross Site Scripting Vulnerability
Apache Open For Business HTML injection vulnerability

Take action and discover your vulnerabilities