Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New Menu Item.
References
Configurations
History
21 Nov 2024, 00:38
Type | Values Removed | Values Added |
---|---|---|
References | () http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=5654 - Patch, Vendor Advisory | |
References | () http://osvdb.org/37173 - Broken Link | |
References | () http://secunia.com/advisories/25804 - Patch, Vendor Advisory | |
References | () http://www.joomla.org/content/view/3670/78/ - Release Notes, Vendor Advisory | |
References | () http://www.joomla.org/content/view/3677/1/ - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/24663 - Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/35119 - Third Party Advisory, VDB Entry |
Information
Published : 2007-10-18 21:17
Updated : 2024-11-21 00:38
NVD link : CVE-2007-5577
Mitre link : CVE-2007-5577
CVE.ORG link : CVE-2007-5577
JSON object : View
Products Affected
joomla
- joomla\!
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')