Vulnerabilites related to onnogroen - com_webeecomment
cve-2009-4650
Vulnerability from cvelistv5
Published
2010-02-22 21:00
Modified
2024-09-16 20:47
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/62334 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/38625 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/38204 | vdb-entry, x_refsource_BID | |
| http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:38.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62334",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/62334"
},
{
"name": "38625",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38625"
},
{
"name": "38204",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38204"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-02-22T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "62334",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/62334"
},
{
"name": "38625",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38625"
},
{
"name": "38204",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38204"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62334",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62334"
},
{
"name": "38625",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38625"
},
{
"name": "38204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38204"
},
{
"name": "http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html",
"refsource": "MISC",
"url": "http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4650",
"datePublished": "2010-02-22T21:00:00Z",
"dateReserved": "2010-02-22T00:00:00Z",
"dateUpdated": "2024-09-16T20:47:36.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4651
Vulnerability from cvelistv5
Published
2010-02-22 21:00
Modified
2024-09-16 16:48
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/38204 | vdb-entry, x_refsource_BID | |
| http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:37.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38204",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38204"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-02-22T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38204",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38204"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38204"
},
{
"name": "http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html",
"refsource": "MISC",
"url": "http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4651",
"datePublished": "2010-02-22T21:00:00Z",
"dateReserved": "2010-02-22T00:00:00Z",
"dateUpdated": "2024-09-16T16:48:43.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2010-02-22 21:30
Modified
2024-11-21 01:10
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| onnogroen | com_webeecomment | 1.1.1 | |
| onnogroen | com_webeecomment | 1.2 | |
| onnogroen | com_webeecomment | 2.0 | |
| joomla | joomla\! | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:onnogroen:com_webeecomment:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F00E91-0C0A-401E-9752-542D2E2FB399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:onnogroen:com_webeecomment:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E3D9C8C-86D5-4220-A842-8A1A59438553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:onnogroen:com_webeecomment:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92F20B49-CE94-474A-83C1-B16DE1C603B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC7400C-F6AF-4B5E-A34B-0222F94DCC46",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el componente de Joomla! Webee Comments (com_webeecomment) v1.1.1, v1.2, y v2.0 para Joomla!, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de las etiquetas (1) color, (2) img y (3) url BBCode en vectores no especificados."
}
],
"id": "CVE-2009-4651",
"lastModified": "2024-11-21T01:10:08.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-02-22T21:30:00.377",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/38204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/38204"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-02-22 21:30
Modified
2024-11-21 01:10
Severity ?
Summary
SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| onnogroen | com_webeecomment | 1.1.1 | |
| onnogroen | com_webeecomment | 1.2 | |
| onnogroen | com_webeecomment | 2.0 | |
| joomla | joomla\! | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:onnogroen:com_webeecomment:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F00E91-0C0A-401E-9752-542D2E2FB399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:onnogroen:com_webeecomment:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E3D9C8C-86D5-4220-A842-8A1A59438553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:onnogroen:com_webeecomment:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92F20B49-CE94-474A-83C1-B16DE1C603B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC7400C-F6AF-4B5E-A34B-0222F94DCC46",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el componente Webee Comments (com_webeecomment) v1.1.1, v1.2 y v2.0 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"articleId\" en una acci\u00f3n por defecto a index2.php. NOTA: algunos detalles han sido obtenidos a partir de terceros."
}
],
"id": "CVE-2009-4650",
"lastModified": "2024-11-21T01:10:08.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-02-22T21:30:00.343",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38625"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/62334"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/38204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/62334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/38204"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}