Description
Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
References (6)
Core 6
Core References
Various Sources x_refsource_confirm
http://developer.joomla.org/security/news/299-20090605-core-frontend-xss-phpself-not-properly-filtered.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35668
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/55590
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/12/25/8
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35544
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/12/25/3
Scores
EPSS
0.0003
EPSS Percentile
9.7%
Details
CWE
CWE-79
Status
published
Products (12)
joomla/joomla\!
1.5.0
joomla/joomla\!
1.5.1
joomla/joomla\!
1.5.2
joomla/joomla\!
1.5.3
joomla/joomla\!
1.5.4
joomla/joomla\!
1.5.5
joomla/joomla\!
1.5.6
joomla/joomla\!
1.5.7
joomla/joomla\!
1.5.8
joomla/joomla\!
1.5.9
... and 2 more
Published
Oct 07, 2012
Tracked Since
Feb 18, 2026