CVE-2010-4949

Joomla! <2.1.2, FreiChat/FreiChatPure - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML by entering it in an unspecified window.

Exploits (1)

exploitdb WRITEUP VERIFIED

by nag_sunny · textwebappsphp

https://www.exploit-db.com/exploits/34374

View Code ZIP pw:eip

References (5)

[Exploit] http://forum.joomla.org/viewtopic.php?p=2209586

[Vendor Advisory] http://secunia.com/advisories/40751

[Exploit] http://www.securityfocus.com/bid/41961

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/60828

[Third Party Advisory, VDB Entry] http://www.osvdb.org/66628

Scores

EPSS 0.0356

EPSS Percentile 87.6%

Classification

CWE

CWE-79

Status published

Affected Products (8)

evnix/freichat

evnix/freichat < 2.1.1

evnix/freichat

evnix/freichat

evnix/freichatpure < 1.2.1

evnix/freichatpure

evnix/freichatpure

n/a/n/a

Timeline

Published Oct 09, 2011

Tracked Since Feb 18, 2026