CVE-2010-2846

InterJoomla ArtForms (com_artforms) 2.1b7.2 RC2 - Cross-Site Scripting via afmsg Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2846. PoCs published by Salvatore Fresta.

AI-analyzed exploit summary This is a technical writeup detailing multiple vulnerabilities in ArtForms 2.1b7.2 RC2, including SQL injection, directory traversal, and reflected XSS. It provides sample exploit URLs but does not include functional exploit code.

Description

Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg parameter to index.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Salvatore Fresta · textwebappsphp
https://www.exploit-db.com/exploits/14263

This is a technical writeup detailing multiple vulnerabilities in ArtForms 2.1b7.2 RC2, including SQL injection, directory traversal, and reflected XSS. It provides sample exploit URLs but does not include functional exploit code.

Classification
Writeup 95%
Attack Type
Sqli | Info Leak | Xss
Complexity
Trivial
Reliability
Reliable
Target: ArtForms 2.1b7.2 RC2 Joomla Component
No auth needed
Prerequisites: Joomla installation with vulnerable ArtForms component
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/41457
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/512215/100/0/threaded
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14263
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/60162

Scores

EPSS 0.0149
EPSS Percentile 70.7%

Details

CWE
CWE-79
Status published
Products (1)
gonzalo_maser/com_artforms 2.1b7.2 rc2
Published Jul 25, 2010
Tracked Since Feb 18, 2026