CVE-2011-4332

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published Bysecalert@redhat.com

Published DateNov 23, 2011, 18:55

Affected Versions(1)

joomla/joomla-cms(Packagist)

Introduced0

Fixed1.6.4

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
joomla/joomla-cms(Packagist)	0	1.6.4	N/A

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

4.3

Vector String

AV:N/AC:M/Au:N/C:N/I:P/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

PARTIAL

Availability (A)

NONE

References

http://developer.joomla.org/security/news/349-20110601-xss-vulnerabilities.html
http://seclists.org/fulldisclosure/2011/Nov/142
http://www.mavitunasecurity.com/xss-vulnerability-in-joomla-163/
http://www.openwall.com/lists/oss-security/2011/11/21/29

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

4.3

Vector String

AV:N/AC:M/Au:N/C:N/I:P/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

PARTIAL

Availability (A)

NONE