CVE-2011-4809

Joomlaextensions Com Hmcommunity < 1.0 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED
by 599eme Man · textwebappsphp
https://www.exploit-db.com/exploits/18050

References (4)

Scores

EPSS 0.0046
EPSS Percentile 63.7%

Classification

CWE
CWE-79
Status published

Affected Products (2)

joomlaextensions/com_hmcommunity < 1.0
n/a/n/a

Timeline

Published Dec 14, 2011
Tracked Since Feb 18, 2026