CVE-2010-2535
Joomla! 1.5.x < 1.5.20 - Authenticated Cross-Site Scripting in Back End
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
http://developer.joomla.org/security/news/318-20100704-core-xss-vulnerabilitis-in-back-end.html
Various Sources x_refsource_misc
http://www.ocert.org/advisories/ocert-2010-002.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/07/20/2
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/07/21/8
Scores
EPSS
0.0002
EPSS Percentile
5.3%
Details
CWE
CWE-79
Status
published
Products (20)
joomla/joomla\!
1.5.0
joomla/joomla\!
1.5.1
joomla/joomla\!
1.5.2
joomla/joomla\!
1.5.3
joomla/joomla\!
1.5.4
joomla/joomla\!
1.5.5
joomla/joomla\!
1.5.6
joomla/joomla\!
1.5.7
joomla/joomla\!
1.5.8
joomla/joomla\!
1.5.9
... and 10 more
Published
Oct 05, 2010
Tracked Since
Feb 18, 2026