CVE-2007-5427

Joomla Com Search Component < 1.0.13 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1.0.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. NOTE: this might be related to CVE-2007-4189.1.

Exploits (1)

exploitdb WORKING POC VERIFIED

by MustLive · textwebappsphp

https://www.exploit-db.com/exploits/30655

View Code ZIP pw:eip

References (8)

[Third Party Advisory, VDB Entry] http://osvdb.org/37709

[Third Party Advisory] http://secunia.com/advisories/27196

[Third Party Advisory] http://securityreason.com/securityalert/3216

[Exploit] http://securityvulns.ru/Rdocument919.html

[Various Sources] http://websecurity.com.ua/1203/

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/3495

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/482006/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/26031

Scores

EPSS 0.0039

EPSS Percentile 59.9%

Classification

CWE

CWE-79

Status draft

Affected Products (2)

joomla/com_search_component

joomla/joomla < 1.0.13

Timeline

Published Oct 12, 2007

Tracked Since Feb 18, 2026