Description
Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
References (2)
Core 2
Core References
Various Sources x_refsource_confirm
http://developer.joomla.org/security/news/347-20110409-core-clickjacking.html
Exploit x_refsource_misc
http://bl0g.yehg.net/2011/04/joomla-161-and-lower-information.html
Scores
EPSS
0.0002
EPSS Percentile
4.3%
Details
CWE
CWE-20
Status
published
Products (3)
joomla/joomla\!
1.6 alpha (18 CPE variants)
joomla/joomla\!
1.6.0
joomla/joomla\!
1.6.1
Published
Jul 27, 2011
Tracked Since
Feb 18, 2026