Joomla! Multiple Cross-site Scripting Vulnerabilities Network Vulnerability

Summary

This host is running Joomla and is prone to multiple Cross-site scripting vulnerabilities.

Impact

Successful exploitation will allow attackers to to inject arbitrary web script or HTML via vectors involving 'multiple encoded entities'. Impact Level: Application

Solution

Upgrade to Joomla! 1.5.21 or later, For updates refer to http://www.joomla.org/download.html

Insight

The flaws are due to inadequate filtering of multiple encoded entities, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.

Affected

Joomla! versions 1.5.x before 1.5.21

References

http://developer.joomla.org/security/news/9-security/10-core-security/322-20101001-core-xss-vulnerabilities
http://www.vupen.com/english/advisories/2010/2615

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3712

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Struts Cross Site Scripting Vulnerability
Apache Archiva Home Page Cross-Site Scripting vulnerability
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
@Mail WebMail Email Body HTML Injection Vulnerability
Apache Tomcat NIO Connector Denial of Service Vulnerability

Take action and discover your vulnerabilities