CVE-2011-4830

Barter-sites Com Listing - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Chris Russell · textwebappsphp

https://www.exploit-db.com/exploits/18046

View Code ZIP pw:eip

References (3)

[Various Sources] http://docs.joomla.org/Vulnerable_Extensions_List#Barter_Sites_1.3

[Various Sources] http://my.barter-sites.com/index.php?option=com_content&view=article&id=6&Itemid=25

[Exploit] http://www.exploit-db.com/exploits/18046

Scores

EPSS 0.0039

EPSS Percentile 59.7%

Classification

CWE

CWE-79

Status published

Affected Products (2)

barter-sites/com_listing

n/a/n/a

Timeline

Published Dec 15, 2011

Tracked Since Feb 18, 2026