Description
Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0822.
References (9)
Core 9
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/01/26/4
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/78515
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/01/25/1
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/01/26/2
Patch x_refsource_confirm
http://www.joomla.org/announcements/release-news/5405-joomla-174-released.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/01/30/1
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47753
Vendor Advisory x_refsource_confirm
http://developer.joomla.org/security/news/383-20120102-core-xss-vulnerability
Various Sources x_refsource_confirm
http://www.joomla.org/announcements/release-news/5403-joomla-250-released.html
Scores
EPSS
0.0001
EPSS Percentile
3.2%
Details
CWE
CWE-79
Status
published
Products (11)
joomla/joomla\!
1.6 alpha (18 CPE variants)
joomla/joomla\!
1.6.0
joomla/joomla\!
1.6.1
joomla/joomla\!
1.6.3
joomla/joomla\!
1.6.4
joomla/joomla\!
1.6.5
joomla/joomla\!
1.6.6
joomla/joomla\!
1.7.0
joomla/joomla\!
1.7.1
joomla/joomla\!
1.7.2
... and 1 more
Published
Sep 06, 2012
Tracked Since
Feb 18, 2026