CVE-2010-1649

Joomla! 1.5-1.5.17 - Cross-Site Scripting in Administrator Screens

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php.

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/65011

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/40444

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/39964

Various Sources x_refsource_confirm

http://developer.joomla.org/security/news/314-20100501-core-xss-vulnerabilities-in-back-end.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29

Scores

EPSS 0.0003

EPSS Percentile 9.4%

Details

CWE

CWE-79

Status published

Products (19)

joomla/joomla-cms 1.5 - 1.5.18Packagist

joomla/joomla\! 1.5.0

joomla/joomla\! 1.5.1

joomla/joomla\! 1.5.2

joomla/joomla\! 1.5.3

joomla/joomla\! 1.5.4

joomla/joomla\! 1.5.5

joomla/joomla\! 1.5.6

joomla/joomla\! 1.5.7

joomla/joomla\! 1.5.8

... and 9 more

Published Jun 08, 2010

Tracked Since Feb 18, 2026