Description
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.10 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters involving the (1) getUserStateFromRequest function, and the (2) SEF and (3) com_messages modules.
Remediation
References
Related Vulnerabilities
WordPress Plugin Remove Schema Cross-Site Request Forgery (1.4)
PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2014-5459)
Nginx Out-of-bounds Write Vulnerability (CVE-2009-2629)
Oracle Application Server CVE-2007-5517 Vulnerability (CVE-2007-5517)
Oracle Application Server CVE-2006-0435 Vulnerability (CVE-2006-0435)