CVE-2011-4830

Barter Sites com_listing 1.3 - Authenticated Cross-Site Scripting via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4830. PoCs published by Chris Russell.

AI-analyzed exploit summary: This is a vulnerability writeup describing SQL injection and persistent XSS vulnerabilities in Barter Sites 1.3 for Joomla. It provides technical details on exploitation vectors but does not include executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Chris Russell · text · webapps · php
https://www.exploit-db.com/exploits/18046


Classification: Writeup 90%
Attack Type: SQLi | XSS
Complexity: Trivial
Reliability: Theoretical
Target: Barter Sites 1.3 for Joomla
Auth required
Prerequisites: Access to the Joomla instance with Barter Sites component installed · User registration for XSS exploitation
devstral-2 · analyzed Feb 16, 2026

References (3)

Core 3

Scores

EPSS 0.0136
EPSS Percentile 68.2%

Details

CWE: CWE-79
Status: published
Products (1): barter-sites/com_listing 1.3
Published: Dec 15, 2011
Tracked Since: Feb 18, 2026