Description

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component. NOTE: vector 2 exists because of an incomplete fix for CVE-2011-2509.5.

Remediation

References

CVE-2011-2710

Related Vulnerabilities

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4293)

PHP Double Free Vulnerability (CVE-2016-5772)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10186)

WordPress Plugin DW Question & Answer Cross-Site Scripting (1.4.2.2)

WordPress Plugin FireStats 'firestats-wordpress.php' Remote File Include (1.6.1)

Severity

Medium

Classification

CVE-2011-2710 CWE-707

Tags

Missing Update Known Vulnerabilities