CVE-2009-4157

Joomla! com_proofreader <1.0 RC9 - XSS

Description

Multiple cross-site scripting (XSS) vulnerabilities in index.php in the ProofReader (com_proofreader) component 1.0 RC9 and earlier for Joomla! allow remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in (1) 404 or (2) error pages.

Exploits (1)

exploitdb WORKING POC
by MustLive · text · webapps · php
https://www.exploit-db.com/exploits/10291

Scores

EPSS 0.0032
EPSS Percentile 54.3%

Classification

CWE
CWE-79
Status published

Affected Products (3)

joomlatune/com_proofreader < 1.0
joomlatune/com_proofreader
n/a/n/a

Timeline

Published Dec 02, 2009
Tracked Since Feb 18, 2026