CVE-2010-4949

Joomla! <2.1.2, FreiChat/FreiChatPure - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML by entering it in an unspecified window.

Exploits (1)

exploitdb WRITEUP VERIFIED

by nag_sunny · textwebappsphp

https://www.exploit-db.com/exploits/34374

View Code ZIP pw:eip

References (5)

Core 5

Core References

Exploit x_refsource_confirm

http://forum.joomla.org/viewtopic.php?p=2209586

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40751

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/41961

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/60828

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/66628

Scores

EPSS 0.0356

EPSS Percentile 87.9%

Details

CWE

CWE-79

Status published

Products (7)

evnix/freichat 1.0

evnix/freichat 2.0

evnix/freichat 2.1

evnix/freichat < 2.1.1

evnix/freichatpure 1.0

evnix/freichatpure 1.2

evnix/freichatpure < 1.2.1

Published Oct 09, 2011

Tracked Since Feb 18, 2026