Vulnerability Name: | CVE-2011-4909 (CCN-51453) | ||||||||
Assigned: | 2009-07-01 | ||||||||
Published: | 2009-07-01 | ||||||||
Updated: | 2012-10-08 | ||||||||
Summary: | Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.6 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C)
3.6 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-79 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: BUGTRAQ Type: Exploit 20120702 [ISecAuditors Security Advisories] Joomla! < 1.5.12 Multiple XSS vulnerabilities in HTTP Headers Source: MITRE Type: CNA CVE-2011-4909 Source: CCN Type: Joomla! Developer Security Announcements [20090604] Core - Frontend XSS - HTTP_REFERER not properly filtered Source: CONFIRM Type: UNKNOWN http://developer.joomla.org/security/news/298-20090604-core-frontend-xss-httpreferer-not-properly-filtered.html Source: CCN Type: SA35668 Joomla! Cross-Site Scripting and Information Disclosure Source: SECUNIA Type: Vendor Advisory 35668 Source: CCN Type: Joomla! Web site Joomla! 1.5.12 Released Source: MLIST Type: UNKNOWN [oss-security] 20111225 CVE-request for three 2009 Joomla issues (second part) Source: MLIST Type: UNKNOWN [oss-security] 20111225 Re: CVE-request for three 2009 Joomla issues (second part) Source: OSVDB Type: UNKNOWN 55589 Source: CCN Type: OSVDB ID: 55589 Joomla! HTTP_REFERER Header XSS Source: BID Type: UNKNOWN 35544 Source: CCN Type: BID-35544 Joomla! Cross Site Scripting and Information Disclosure Vulnerabilities Source: XF Type: UNKNOWN joomla-httpreferer-xss(51453) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |