CVE-2009-4651

Webee Comments 1.1.1-2.0 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Jeff Channell · textwebappsphp

https://www.exploit-db.com/exploits/33638

View Code ZIP pw:eip

References (2)

[Exploit] http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html

[Exploit] http://www.securityfocus.com/bid/38204

Scores

EPSS 0.0020

EPSS Percentile 42.3%

Classification

CWE

CWE-79

Status published

Affected Products (4)

onnogroen/com_webeecomment

onnogroen/com_webeecomment

onnogroen/com_webeecomment

n/a/n/a

Timeline

Published Feb 22, 2010

Tracked Since Feb 18, 2026