CVE-2009-1939

Joomla! <1.5.11 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (7)

[Vendor Advisory] http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html

[Vendor Advisory] http://secunia.com/advisories/35278

[Various Sources] http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html

[Exploit, Patch] http://www.securityfocus.com/bid/35189

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/50922

[Third Party Advisory, VDB Entry] http://osvdb.org/54870

[Third Party Advisory] http://www.vupen.com/english/advisories/2009/1497

Scores

EPSS 0.0001

EPSS Percentile 2.8%

Classification

CWE

CWE-79

Status published

Affected Products (15)

joomla/joomla

n/a/n/a

Timeline

Published Jun 05, 2009

Tracked Since Feb 18, 2026