CVE-2010-2535:joomla!: Multiple cross-site scripting (XSS) vulnerabilities...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-2535

joomla!: Multiple cross-site scripting (XSS) vulnerabilities...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2535

Original

Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-10-05

Source Information Category:

Advisory, Alert

Last Updated:

2010-10-05

Affected Product Tags

cpe:/a:joomla:joomla%21:1.5.0

cpe:/a:joomla:joomla%21:1.5.1

cpe:/a:joomla:joomla%21:1.5.10

cpe:/a:joomla:joomla%21:1.5.11

cpe:/a:joomla:joomla%21:1.5.12

cpe:/a:joomla:joomla%21:1.5.13

cpe:/a:joomla:joomla%21:1.5.14

cpe:/a:joomla:joomla%21:1.5.15

cpe:/a:joomla:joomla%21:1.5.15:rc

cpe:/a:joomla:joomla%21:1.5.16

cpe:/a:joomla:joomla%21:1.5.17

cpe:/a:joomla:joomla%21:1.5.18

cpe:/a:joomla:joomla%21:1.5.19

cpe:/a:joomla:joomla%21:1.5.2

cpe:/a:joomla:joomla%21:1.5.3

cpe:/a:joomla:joomla%21:1.5.4

cpe:/a:joomla:joomla%21:1.5.5

cpe:/a:joomla:joomla%21:1.5.6

cpe:/a:joomla:joomla%21:1.5.7

cpe:/a:joomla:joomla%21:1.5.8

cpe:/a:joomla:joomla%21:1.5.9

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

CONFIRM http://developer.joomla.org/security/news/318-20100704-core-xss-vulnerabilitis-in-back-end.html

MISC http://www.ocert.org/advisories/ocert-2010-002.html

MLIST [oss-security] 20100721 Re: [oCERT-2010-002] Joomla input sanitization errors (XSS)

MLIST [oss-security] 20100720 [oCERT-2010-002] Joomla input sanitization errors (XSS)

Vulnerability Type Cross-Site Scripting (XSS) (CWE-79)