247 vulnerabilities found for joomla by joomla
FKIE_CVE-2009-1938
Vulnerability from fkie_nvd - Published: 2009-06-05 18:30 - Updated: 2025-04-09 00:30
Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N; user interaction required)
Summary
Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joomla | joomla | 1.5 | |
| joomla | joomla | 1.5 | |
| joomla | joomla | 1.5 | |
| joomla | joomla | 1.5 | |
| joomla | joomla | 1.5.0 | |
| joomla | joomla | 1.5.0 | |
| joomla | joomla | 1.5.0 | |
| joomla | joomla | 1.5.0 | |
| joomla | joomla | 1.5.1 | |
| joomla | joomla | 1.5.2 | |
| joomla | joomla | 1.5.3 | |
| joomla | joomla | 1.5.4 | |
| joomla | joomla | 1.5.5 | |
| joomla | joomla | 1.5.6 | |
| joomla | joomla | 1.5.7 | |
| joomla | joomla | 1.5.8 | |
| joomla | joomla | 1.5.9 | |
| joomla | joomla | 1.5.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2017D307-89B3-4D94-A266-C7D8D45960A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "302D47E2-CFA8-438C-82DB-335319454448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "94B01AD8-2B71-4A6A-8932-E61B0FE54246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1058A361-4B10-4D7C-B789-64A38FE7E201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "D548B3C9-483F-492C-A6BB-694B7217FEE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "9813E813-2983-4471-9E56-6F254810A66B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "A4F4F9E7-BA44-4235-A246-DB6C432C3873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "495BD724-45BE-4214-B120-3A83BD9AD11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CCDBF4D-A797-4828-A084-8C775FA94BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1B7CF2-B717-4F37-A923-0E188FF3C47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA35EF1-1F8C-4AEA-89A0-3C1DD2DFBFE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3333C204-A022-4B53-B61F-3C5601F21FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F2752717-AA95-4398-8091-24FD5925C4F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B3B3FB-E67D-4D9A-BE01-855FA2545772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B29D3E39-7B43-4D19-B39F-2EB56E30F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5F155C3B-AAF5-4393-A964-E655113D84DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DA8EEE-F091-49D0-9F9D-4C83574B6A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "731CC868-70FC-44A0-8CC2-D0A4AC5CE094",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Joomla! v.1.5.x hasta la v1.5.10. Permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML a trav\u00e9s de vectores de ataque no especificados relacionados con la salida de la base de datos y el panel de administraci\u00f3n de \"frontend\"."
}
],
"id": "CVE-2009-1938",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-05T18:30:00.217",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35278"
},
{
"source": "cve@mitre.org",
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/54868"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1497"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/54868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1497"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50923"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-1939
Vulnerability from fkie_nvd - Published: 2009-06-05 18:30 - Updated: 2025-04-09 00:30
Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N; user interaction required)
Summary
Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joomla | joomla | 1.5.0_beta | |
| joomla | joomla | 1.5.0_beta1 | |
| joomla | joomla | 1.5.0_beta2 | |
| joomla | joomla | 1.5.0_rc1 | |
| joomla | joomla | 1.5.1 | |
| joomla | joomla | 1.5.2 | |
| joomla | joomla | 1.5.3 | |
| joomla | joomla | 1.5.4 | |
| joomla | joomla | 1.5.5 | |
| joomla | joomla | 1.5.6 | |
| joomla | joomla | 1.5.7 | |
| joomla | joomla | 1.5.8 | |
| joomla | joomla | 1.5.9 | |
| joomla | joomla | 1.5.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.0_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "16F243A8-5513-4BB7-AB55-5A715D5AE546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.0_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "F95550B4-3620-42D8-99AC-369126CDDFAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.0_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0429EF-3848-4E72-999E-719DB54A7429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "F12537ED-A4EB-40F9-AC00-B796169E114D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CCDBF4D-A797-4828-A084-8C775FA94BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1B7CF2-B717-4F37-A923-0E188FF3C47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA35EF1-1F8C-4AEA-89A0-3C1DD2DFBFE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3333C204-A022-4B53-B61F-3C5601F21FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F2752717-AA95-4398-8091-24FD5925C4F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B3B3FB-E67D-4D9A-BE01-855FA2545772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B29D3E39-7B43-4D19-B39F-2EB56E30F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5F155C3B-AAF5-4393-A964-E655113D84DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DA8EEE-F091-49D0-9F9D-4C83574B6A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "731CC868-70FC-44A0-8CC2-D0A4AC5CE094",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en plantilla \r\nJA_Purity para Joomla! v1.5.x hasta v1.5.10 permite a atacantes remotos inyectar HTML y secuencias de comandos web a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-1939",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-05T18:30:00.250",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/54870"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35278"
},
{
"source": "cve@mitre.org",
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1497"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/54870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1497"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50922"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-1940
Vulnerability from fkie_nvd - Published: 2009-06-05 18:30 - Updated: 2025-04-09 00:30
Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N; user interaction required)
Summary
Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2017D307-89B3-4D94-A266-C7D8D45960A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CCDBF4D-A797-4828-A084-8C775FA94BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1B7CF2-B717-4F37-A923-0E188FF3C47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA35EF1-1F8C-4AEA-89A0-3C1DD2DFBFE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3333C204-A022-4B53-B61F-3C5601F21FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F2752717-AA95-4398-8091-24FD5925C4F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B3B3FB-E67D-4D9A-BE01-855FA2545772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B29D3E39-7B43-4D19-B39F-2EB56E30F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5F155C3B-AAF5-4393-A964-E655113D84DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DA8EEE-F091-49D0-9F9D-4C83574B6A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "731CC868-70FC-44A0-8CC2-D0A4AC5CE094",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el panel panel administrador del componente com_users de Joomla! en las versiones v.1.5.x hasta la v1.5.10. Permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML a trav\u00e9s de vectores de ataque no especificados.\r\n"
}
],
"id": "CVE-2009-1940",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-05T18:30:00.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://osvdb.org/54869"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35278"
},
{
"source": "cve@mitre.org",
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1497"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://osvdb.org/54869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1497"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50924"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-1280
Vulnerability from fkie_nvd - Published: 2009-04-09 16:27 - Updated: 2025-04-09 00:30
Severity: MEDIUM (CVSS v2 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P; user interaction required)
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joomla | joomla | 1.5 | |
| joomla | joomla | 1.5.0 | |
| joomla | joomla | 1.5.0 | |
| joomla | joomla | 1.5.0 | |
| joomla | joomla | 1.5.0 | |
| joomla | joomla | 1.5.1 | |
| joomla | joomla | 1.5.2 | |
| joomla | joomla | 1.5.3 | |
| joomla | joomla | 1.5.4 | |
| joomla | joomla | 1.5.5 | |
| joomla | joomla | 1.5.6 | |
| joomla | joomla | 1.5.7 | |
| joomla | joomla | 1.5.8 | |
| joomla | joomla | 1.5.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2017D307-89B3-4D94-A266-C7D8D45960A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "D548B3C9-483F-492C-A6BB-694B7217FEE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "9813E813-2983-4471-9E56-6F254810A66B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "A4F4F9E7-BA44-4235-A246-DB6C432C3873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "495BD724-45BE-4214-B120-3A83BD9AD11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CCDBF4D-A797-4828-A084-8C775FA94BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1B7CF2-B717-4F37-A923-0E188FF3C47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA35EF1-1F8C-4AEA-89A0-3C1DD2DFBFE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3333C204-A022-4B53-B61F-3C5601F21FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F2752717-AA95-4398-8091-24FD5925C4F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B3B3FB-E67D-4D9A-BE01-855FA2545772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B29D3E39-7B43-4D19-B39F-2EB56E30F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5F155C3B-AAF5-4393-A964-E655113D84DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DA8EEE-F091-49D0-9F9D-4C83574B6A36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n de sitios cruzados en el componente com_media para Joomla! v1.5.x hasta v1.5.9 permite a atacantes remotos secuestrar la autentificaci\u00f3n de de v\u00edctimas no especificadas mediante vectores desconocidos."
}
],
"id": "CVE-2009-1280",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-09T16:27:57.517",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34551"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49656"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-1279
Vulnerability from fkie_nvd - Published: 2009-04-09 16:27 - Updated: 2025-04-09 00:30
Severity: LOW (CVSS v2 base score 2.6, vector AV:N/AC:H/Au:N/C:N/I:P/A:N; user interaction required)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joomla | joomla | 1.5 | |
| joomla | joomla | 1.5.0 | |
| joomla | joomla | 1.5.0 | |
| joomla | joomla | 1.5.0 | |
| joomla | joomla | 1.5.0 | |
| joomla | joomla | 1.5.1 | |
| joomla | joomla | 1.5.2 | |
| joomla | joomla | 1.5.3 | |
| joomla | joomla | 1.5.4 | |
| joomla | joomla | 1.5.5 | |
| joomla | joomla | 1.5.6 | |
| joomla | joomla | 1.5.7 | |
| joomla | joomla | 1.5.8 | |
| joomla | joomla | 1.5.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2017D307-89B3-4D94-A266-C7D8D45960A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "D548B3C9-483F-492C-A6BB-694B7217FEE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "9813E813-2983-4471-9E56-6F254810A66B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "A4F4F9E7-BA44-4235-A246-DB6C432C3873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "495BD724-45BE-4214-B120-3A83BD9AD11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CCDBF4D-A797-4828-A084-8C775FA94BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1B7CF2-B717-4F37-A923-0E188FF3C47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA35EF1-1F8C-4AEA-89A0-3C1DD2DFBFE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3333C204-A022-4B53-B61F-3C5601F21FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F2752717-AA95-4398-8091-24FD5925C4F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B3B3FB-E67D-4D9A-BE01-855FA2545772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B29D3E39-7B43-4D19-B39F-2EB56E30F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5F155C3B-AAF5-4393-A964-E655113D84DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DA8EEE-F091-49D0-9F9D-4C83574B6A36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when \"Gather Search Statistics\" is enabled, and (3) the category view in the com_content component."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Joomla! v1.5 hasta 1.5.9, permite a atacantes remotos web script o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados en los componentes (1) com_admin, (2) com_search cuando \"Gather Search Statistics\" est\u00e1 disponible y (3) la vista categor\u00eda en com_content.\r\n\r\n"
}
],
"id": "CVE-2009-1279",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-09T16:27:57.483",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34551"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34360"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49654"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49655"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-6299
Vulnerability from fkie_nvd - Published: 2009-02-26 16:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joomla | joomla | * | |
| joomla | joomla | 1.0 | |
| joomla | joomla | 1.0.0 | |
| joomla | joomla | 1.0.1 | |
| joomla | joomla | 1.0.2 | |
| joomla | joomla | 1.0.3 | |
| joomla | joomla | 1.0.4 | |
| joomla | joomla | 1.0.5 | |
| joomla | joomla | 1.0.6 | |
| joomla | joomla | 1.0.7 | |
| joomla | joomla | 1.0.8 | |
| joomla | joomla | 1.0.9 | |
| joomla | joomla | 1.0.10 | |
| joomla | joomla | 1.0.11 | |
| joomla | joomla | 1.0.12 | |
| joomla | joomla | 1.0.13 | |
| joomla | joomla | 1.0.14 | |
| joomla | joomla | 1.03 | |
| joomla | joomla | 1.5 | |
| joomla | joomla | 1.5.0 | |
| joomla | joomla | 1.5.0 | |
| joomla | joomla | 1.5.0 | |
| joomla | joomla | 1.5.0 | |
| joomla | joomla | 1.5.0_beta | |
| joomla | joomla | 1.5.0_beta1 | |
| joomla | joomla | 1.5.0_beta2 | |
| joomla | joomla | 1.5.0_rc1 | |
| joomla | joomla | 1.5.1 | |
| joomla | joomla | 1.5.2 | |
| joomla | joomla | 1.5.3 | |
| joomla | joomla | 1.5.4 | |
| joomla | joomla | 1.5.5 | |
| joomla | joomla | 1.5.6 | |
| joomla | joomla | 1.5rc3 | |
| joomla | joomla | 1.5rc4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82062F02-1F62-4D9B-B1A9-DC4B95C37791",
"versionEndIncluding": "1.5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9709F901-EDD2-4369-89F0-8AF3A63655E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC268591-FDFD-42A2-887F-4F1639CAB73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E8E5942-AB17-45E8-B3D3-4DDD1DFA48D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89946AA1-0694-44A5-962E-ED36B4BFCE9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6024ABB5-0CB7-4874-8758-CC6FBF3073D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A41E39D9-ADD7-41A1-9E38-BD418B59E5E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "05C21464-3FD4-4528-A512-7C0DE70E331C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "663EE640-2BE7-42FC-B848-7379C6DADA60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA2374C-E9D8-40E4-A4E5-E4F95E04E226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A0B64E85-CA80-46A6-9E62-B1F28CBED5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D4007FCB-589A-413D-8009-64404926CA7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B0B037-5E62-4069-AF35-F05A777E05D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "314E12E1-107E-4AB3-8092-9F6C2C5FA11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "65860314-7B34-46B4-BA29-1A8EA715BF00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A235591C-1860-4877-8B61-7390EE359E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D9FB89-D522-410F-8E68-763E9931E955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.03:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9C4B0-5B4B-4103-AA4E-419E08C22306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2017D307-89B3-4D94-A266-C7D8D45960A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "D548B3C9-483F-492C-A6BB-694B7217FEE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "9813E813-2983-4471-9E56-6F254810A66B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "A4F4F9E7-BA44-4235-A246-DB6C432C3873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "495BD724-45BE-4214-B120-3A83BD9AD11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.0_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "16F243A8-5513-4BB7-AB55-5A715D5AE546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.0_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "F95550B4-3620-42D8-99AC-369126CDDFAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.0_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0429EF-3848-4E72-999E-719DB54A7429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "F12537ED-A4EB-40F9-AC00-B796169E114D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CCDBF4D-A797-4828-A084-8C775FA94BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1B7CF2-B717-4F37-A923-0E188FF3C47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA35EF1-1F8C-4AEA-89A0-3C1DD2DFBFE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3333C204-A022-4B53-B61F-3C5601F21FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F2752717-AA95-4398-8091-24FD5925C4F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B3B3FB-E67D-4D9A-BE01-855FA2545772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EF8067-2707-40AA-A95B-3C86625A7A8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "FDFF92A2-FEBD-49F6-8C41-3DF2D9AB56C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to \"article submission.\""
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados - XSS - en Joomla! v1.5.7 y anteriores, permite a usuarios autentificados remotos inyectar una secuencia de comandos web o HTML a trav\u00e9s de (1) los par\u00e1metros \"title\" y \"description\" en el m\u00f3dulo com_weblinks y (2) vectores no especificados en el m\u00f3dulo com_content relativo a \"article submission.\"."
}
],
"id": "CVE-2008-6299",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-02-26T16:17:19.733",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32622"
},
{
"source": "cve@mitre.org",
"url": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32263"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/3104"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/3104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46523"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-5671
Vulnerability from fkie_nvd - Published: 2008-12-19 01:52 - Updated: 2025-04-09 00:30
Severity ?
Summary
PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CB02CC5-351D-4AAE-9142-ACCA8AEE718A",
"versionEndIncluding": "1.0.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "314E12E1-107E-4AB3-8092-9F6C2C5FA11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "65860314-7B34-46B4-BA29-1A8EA715BF00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A235591C-1860-4877-8B61-7390EE359E12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inclusi\u00f3n remota de archivo en PHP en index.php en Joomla! de v1.0.11 hasta v1.0.14 cuando RG_EMULATION esta activado en configuration.php, permite a atacantes remotos ejecutar c\u00f3digo PHP a su elecci\u00f3n a trav\u00e9s de una URL en el par\u00e1metro \"mosConfig_absolute_path\"."
}
],
"id": "CVE-2008-5671",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-19T01:52:02.610",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29106"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4787"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/488126/100/200/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/488199/100/200/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/488126/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/488199/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27795"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-4102
Vulnerability from fkie_nvd - Published: 2008-09-18 17:59 - Updated: 2025-04-09 00:30
Severity ?
Summary
Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2017D307-89B3-4D94-A266-C7D8D45960A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CCDBF4D-A797-4828-A084-8C775FA94BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1B7CF2-B717-4F37-A923-0E188FF3C47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA35EF1-1F8C-4AEA-89A0-3C1DD2DFBFE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3333C204-A022-4B53-B61F-3C5601F21FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F2752717-AA95-4398-8091-24FD5925C4F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B3B3FB-E67D-4D9A-BE01-855FA2545772",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Joomla! 1.5 before 1.5.7 initializes PHP\u0027s PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP\u0027s mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681."
},
{
"lang": "es",
"value": "Joomla! 1.5 anterior a v1.5.7 inicializa el PHP\u0027s PRNG con una semilla d\u00e9bil, lo que facilita a los atacantes obtener valores pseudo-aleatorios originados por la funci\u00f3n PHP\u0027s mt_rand, como se ha demostrado obteniendo un reinicio de contrase\u00f1a. Vulnerabilidad distinta de CVE-2008-3681."
}
],
"id": "CVE-2008-4102",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-18T17:59:32.907",
"references": [
{
"source": "cve@mitre.org",
"url": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31789"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4271"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/496237/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.sektioneins.de/advisories/SE-2008-04.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/496237/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.sektioneins.de/advisories/SE-2008-04.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45068"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-4104
Vulnerability from fkie_nvd - Published: 2008-09-18 17:59 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2017D307-89B3-4D94-A266-C7D8D45960A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CCDBF4D-A797-4828-A084-8C775FA94BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1B7CF2-B717-4F37-A923-0E188FF3C47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA35EF1-1F8C-4AEA-89A0-3C1DD2DFBFE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3333C204-A022-4B53-B61F-3C5601F21FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F2752717-AA95-4398-8091-24FD5925C4F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B3B3FB-E67D-4D9A-BE01-855FA2545772",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a \"passed in\" URL."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades involuntarias de redirecci\u00f3n en Joomla! 1.5 anterior a 1.5.7; permiten a atacantes remotos redireccionar a los usuarios a sitios web de su elecci\u00f3n y provocar ataques de phishing mediante una URL \"de paso\"."
}
],
"id": "CVE-2008-4104",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-09-18T17:59:32.967",
"references": [
{
"source": "cve@mitre.org",
"url": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4275"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45071"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-4105
Vulnerability from fkie_nvd - Published: 2008-09-18 17:59 - Updated: 2025-04-09 00:30
Severity ?
Summary
JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2017D307-89B3-4D94-A266-C7D8D45960A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CCDBF4D-A797-4828-A084-8C775FA94BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1B7CF2-B717-4F37-A923-0E188FF3C47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA35EF1-1F8C-4AEA-89A0-3C1DD2DFBFE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3333C204-A022-4B53-B61F-3C5601F21FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F2752717-AA95-4398-8091-24FD5925C4F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B3B3FB-E67D-4D9A-BE01-855FA2545772",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct \"variable injection\" attacks and have unspecified other impact."
},
{
"lang": "es",
"value": "JRequest en Joomla! 1.5 anterior a 1.5.7 no limpia correctamente las variables establecidas con JRequest::setVar, lo cual permite a los atacantes remotos realizar ataques de \"inyecci\u00f3n de variable\" y tener otras consecuencias no especificadas."
}
],
"id": "CVE-2008-4105",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-18T17:59:32.983",
"references": [
{
"source": "cve@mitre.org",
"url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31789"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4275"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1020843"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1020843"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2009-1939 (GCVE-0-2009-1939)
Vulnerability from cvelistv5 – Published: 2009-06-05 18:13 – Updated: 2024-08-07 05:27
Summary
Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "joomla-japurity-xss(50922)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50922"
},
{
"name": "35189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35278"
},
{
"name": "54870",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54870"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html"
},
{
"name": "ADV-2009-1497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "joomla-japurity-xss(50922)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50922"
},
{
"name": "35189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35278"
},
{
"name": "54870",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54870"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html"
},
{
"name": "ADV-2009-1497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "joomla-japurity-xss(50922)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50922"
},
{
"name": "35189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35278"
},
{
"name": "54870",
"refsource": "OSVDB",
"url": "http://osvdb.org/54870"
},
{
"name": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html"
},
{
"name": "ADV-2009-1497",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1939",
"datePublished": "2009-06-05T18:13:00",
"dateReserved": "2009-06-05T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1940 (GCVE-0-2009-1940)
Vulnerability from cvelistv5 – Published: 2009-06-05 18:13 – Updated: 2024-08-07 05:27
Summary
Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "joomla-comusers-xss(50924)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50924"
},
{
"name": "54869",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54869"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "35189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35278"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html"
},
{
"name": "ADV-2009-1497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "joomla-comusers-xss(50924)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50924"
},
{
"name": "54869",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54869"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "35189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35278"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html"
},
{
"name": "ADV-2009-1497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "joomla-comusers-xss(50924)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50924"
},
{
"name": "54869",
"refsource": "OSVDB",
"url": "http://osvdb.org/54869"
},
{
"name": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "35189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35278"
},
{
"name": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html"
},
{
"name": "ADV-2009-1497",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1940",
"datePublished": "2009-06-05T18:13:00",
"dateReserved": "2009-06-05T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1938 (GCVE-0-2009-1938)
Vulnerability from cvelistv5 – Published: 2009-06-05 18:13 – Updated: 2024-08-07 05:27
Summary
Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "joomla-adminpanel-xss(50923)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50923"
},
{
"name": "35189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35278"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html"
},
{
"name": "54868",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/54868"
},
{
"name": "ADV-2009-1497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "joomla-adminpanel-xss(50923)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50923"
},
{
"name": "35189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35278"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html"
},
{
"name": "54868",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/54868"
},
{
"name": "ADV-2009-1497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "joomla-adminpanel-xss(50923)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50923"
},
{
"name": "35189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35278"
},
{
"name": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html"
},
{
"name": "54868",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/54868"
},
{
"name": "ADV-2009-1497",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1938",
"datePublished": "2009-06-05T18:13:00",
"dateReserved": "2009-06-05T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1279 (GCVE-0-2009-1279)
Vulnerability from cvelistv5 – Published: 2009-04-09 16:00 – Updated: 2024-08-07 05:04
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34360",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34360"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html"
},
{
"name": "34551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34551"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
},
{
"name": "admin-search-unspecified-xss(49655)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49655"
},
{
"name": "content-categoryview-xss(49654)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49654"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when \"Gather Search Statistics\" is enabled, and (3) the category view in the com_content component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34360",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34360"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html"
},
{
"name": "34551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34551"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
},
{
"name": "admin-search-unspecified-xss(49655)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49655"
},
{
"name": "content-categoryview-xss(49654)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49654"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when \"Gather Search Statistics\" is enabled, and (3) the category view in the com_content component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34360",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34360"
},
{
"name": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html"
},
{
"name": "34551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34551"
},
{
"name": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
},
{
"name": "admin-search-unspecified-xss(49655)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49655"
},
{
"name": "content-categoryview-xss(49654)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49654"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1279",
"datePublished": "2009-04-09T16:00:00",
"dateReserved": "2009-04-09T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1280 (GCVE-0-2009-1280)
Vulnerability from cvelistv5 – Published: 2009-04-09 16:00 – Updated: 2024-08-07 05:04
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "media-unspecified-csrf(49656)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49656"
},
{
"name": "34551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34551"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "media-unspecified-csrf(49656)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49656"
},
{
"name": "34551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34551"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "media-unspecified-csrf(49656)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49656"
},
{
"name": "34551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34551"
},
{
"name": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1280",
"datePublished": "2009-04-09T16:00:00",
"dateReserved": "2009-04-09T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6299 (GCVE-0-2008-6299)
Vulnerability from cvelistv5 – Published: 2009-02-26 16:00 – Updated: 2024-08-07 11:27
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html"
},
{
"name": "32263",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32263"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html"
},
{
"name": "ADV-2008-3104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3104"
},
{
"name": "32622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32622"
},
{
"name": "weblinks-title-description-xss(46523)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46523"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to \"article submission.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html"
},
{
"name": "32263",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32263"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html"
},
{
"name": "ADV-2008-3104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3104"
},
{
"name": "32622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32622"
},
{
"name": "weblinks-title-description-xss(46523)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46523"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to \"article submission.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html"
},
{
"name": "32263",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32263"
},
{
"name": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html"
},
{
"name": "ADV-2008-3104",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3104"
},
{
"name": "32622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32622"
},
{
"name": "weblinks-title-description-xss(46523)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46523"
},
{
"name": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6299",
"datePublished": "2009-02-26T16:00:00",
"dateReserved": "2009-02-26T00:00:00",
"dateUpdated": "2024-08-07T11:27:35.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4122 (GCVE-0-2008-4122)
Vulnerability from cvelistv5 – Published: 2008-12-19 17:00 – Updated: 2024-08-07 10:08
Summary
Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:33.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20081218 Re: Joomla: Session hijacking vulnerability, CVE-2008-4122",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499354/100/0/threaded"
},
{
"name": "4794",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4794"
},
{
"name": "20081216 Joomla: Session hijacking vulnerability, CVE-2008-4122",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499295/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://int21.de/cve/CVE-2008-4122-joomla.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20081218 Re: Joomla: Session hijacking vulnerability, CVE-2008-4122",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499354/100/0/threaded"
},
{
"name": "4794",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4794"
},
{
"name": "20081216 Joomla: Session hijacking vulnerability, CVE-2008-4122",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499295/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://int21.de/cve/CVE-2008-4122-joomla.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20081218 Re: Joomla: Session hijacking vulnerability, CVE-2008-4122",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499354/100/0/threaded"
},
{
"name": "4794",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4794"
},
{
"name": "20081216 Joomla: Session hijacking vulnerability, CVE-2008-4122",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499295/100/0/threaded"
},
{
"name": "http://int21.de/cve/CVE-2008-4122-joomla.html",
"refsource": "MISC",
"url": "http://int21.de/cve/CVE-2008-4122-joomla.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4122",
"datePublished": "2008-12-19T17:00:00",
"dateReserved": "2008-09-18T00:00:00",
"dateUpdated": "2024-08-07T10:08:33.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5671 (GCVE-0-2008-5671)
Vulnerability from cvelistv5 – Published: 2008-12-18 21:00 – Updated: 2024-08-07 11:04
Summary
PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080214 Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488126/100/200/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html"
},
{
"name": "29106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29106"
},
{
"name": "27795",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27795"
},
{
"name": "20080215 Re: Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488199/100/200/threaded"
},
{
"name": "4787",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4787"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080214 Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488126/100/200/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html"
},
{
"name": "29106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29106"
},
{
"name": "27795",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27795"
},
{
"name": "20080215 Re: Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488199/100/200/threaded"
},
{
"name": "4787",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4787"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080214 Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488126/100/200/threaded"
},
{
"name": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html"
},
{
"name": "29106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29106"
},
{
"name": "27795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27795"
},
{
"name": "20080215 Re: Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488199/100/200/threaded"
},
{
"name": "4787",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4787"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5671",
"datePublished": "2008-12-18T21:00:00",
"dateReserved": "2008-12-18T00:00:00",
"dateUpdated": "2024-08-07T11:04:44.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4105 (GCVE-0-2008-4105)
Vulnerability from cvelistv5 – Published: 2008-09-18 17:47 – Updated: 2024-08-07 10:00
Summary
JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"
},
{
"name": "31789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31789"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "4275",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4275"
},
{
"name": "joomla-jrequest-command-execution(45069)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"name": "1020843",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020843"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct \"variable injection\" attacks and have unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"
},
{
"name": "31789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31789"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "4275",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4275"
},
{
"name": "joomla-jrequest-command-execution(45069)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"name": "1020843",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020843"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct \"variable injection\" attacks and have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"name": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"
},
{
"name": "31789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31789"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "4275",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4275"
},
{
"name": "joomla-jrequest-command-execution(45069)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"name": "1020843",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020843"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4105",
"datePublished": "2008-09-18T17:47:00",
"dateReserved": "2008-09-15T00:00:00",
"dateUpdated": "2024-08-07T10:00:42.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4102 (GCVE-0-2008-4102)
Vulnerability from cvelistv5 – Published: 2008-09-18 17:47 – Updated: 2024-08-07 10:00
Summary
Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.
Severity ?
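No CVSS data available. The record is sparse in its other structured fields too: the affected vendor, product and version are all "n/a", and the affected range (Joomla! 1.5 before 1.5.7) appears only in the description text, so inventory matching on the product fields alone will not flag it.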
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"name": "4271",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4271"
},
{
"name": "20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496237/100/0/threaded"
},
{
"name": "31789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31789"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/"
},
{
"name": "joomla-randomnumbers-info-disclosure(45068)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45068"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sektioneins.de/advisories/SE-2008-04.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Joomla! 1.5 before 1.5.7 initializes PHP\u0027s PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP\u0027s mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"name": "4271",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4271"
},
{
"name": "20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496237/100/0/threaded"
},
{
"name": "31789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31789"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/"
},
{
"name": "joomla-randomnumbers-info-disclosure(45068)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45068"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sektioneins.de/advisories/SE-2008-04.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joomla! 1.5 before 1.5.7 initializes PHP\u0027s PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP\u0027s mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"name": "4271",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4271"
},
{
"name": "20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496237/100/0/threaded"
},
{
"name": "31789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31789"
},
{
"name": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/",
"refsource": "MISC",
"url": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/"
},
{
"name": "joomla-randomnumbers-info-disclosure(45068)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45068"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"name": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html"
},
{
"name": "http://www.sektioneins.de/advisories/SE-2008-04.txt",
"refsource": "MISC",
"url": "http://www.sektioneins.de/advisories/SE-2008-04.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4102",
"datePublished": "2008-09-18T17:47:00",
"dateReserved": "2008-09-15T00:00:00",
"dateUpdated": "2024-08-07T10:00:42.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1939 (GCVE-0-2009-1939)
Vulnerability from nvd – Published: 2009-06-05 18:13 – Updated: 2024-08-07 05:27
Summary
Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "joomla-japurity-xss(50922)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50922"
},
{
"name": "35189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35278"
},
{
"name": "54870",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54870"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html"
},
{
"name": "ADV-2009-1497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "joomla-japurity-xss(50922)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50922"
},
{
"name": "35189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35278"
},
{
"name": "54870",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54870"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html"
},
{
"name": "ADV-2009-1497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "joomla-japurity-xss(50922)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50922"
},
{
"name": "35189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35278"
},
{
"name": "54870",
"refsource": "OSVDB",
"url": "http://osvdb.org/54870"
},
{
"name": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html"
},
{
"name": "ADV-2009-1497",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1939",
"datePublished": "2009-06-05T18:13:00",
"dateReserved": "2009-06-05T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1940 (GCVE-0-2009-1940)
Vulnerability from nvd – Published: 2009-06-05 18:13 – Updated: 2024-08-07 05:27
Summary
Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "joomla-comusers-xss(50924)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50924"
},
{
"name": "54869",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54869"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "35189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35278"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html"
},
{
"name": "ADV-2009-1497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "joomla-comusers-xss(50924)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50924"
},
{
"name": "54869",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54869"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "35189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35278"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html"
},
{
"name": "ADV-2009-1497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "joomla-comusers-xss(50924)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50924"
},
{
"name": "54869",
"refsource": "OSVDB",
"url": "http://osvdb.org/54869"
},
{
"name": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "35189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35278"
},
{
"name": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html"
},
{
"name": "ADV-2009-1497",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1940",
"datePublished": "2009-06-05T18:13:00",
"dateReserved": "2009-06-05T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1938 (GCVE-0-2009-1938)
Vulnerability from nvd – Published: 2009-06-05 18:13 – Updated: 2024-08-07 05:27
Summary
Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "joomla-adminpanel-xss(50923)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50923"
},
{
"name": "35189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35278"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html"
},
{
"name": "54868",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/54868"
},
{
"name": "ADV-2009-1497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "joomla-adminpanel-xss(50923)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50923"
},
{
"name": "35189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35278"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html"
},
{
"name": "54868",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/54868"
},
{
"name": "ADV-2009-1497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "joomla-adminpanel-xss(50923)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50923"
},
{
"name": "35189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35278"
},
{
"name": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html"
},
{
"name": "54868",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/54868"
},
{
"name": "ADV-2009-1497",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1938",
"datePublished": "2009-06-05T18:13:00",
"dateReserved": "2009-06-05T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1279 (GCVE-0-2009-1279)
Vulnerability from nvd – Published: 2009-04-09 16:00 – Updated: 2024-08-07 05:04
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
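| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/34360 | vdb-entry, x_refsource_BID |
| http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/34551 | third-party-advisory, x_refsource_SECUNIA |
| http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/49655 | vdb-entry, x_refsource_XF |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/49654 | vdb-entry, x_refsource_XF |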
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34360",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34360"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html"
},
{
"name": "34551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34551"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
},
{
"name": "admin-search-unspecified-xss(49655)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49655"
},
{
"name": "content-categoryview-xss(49654)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49654"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when \"Gather Search Statistics\" is enabled, and (3) the category view in the com_content component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34360",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34360"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html"
},
{
"name": "34551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34551"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
},
{
"name": "admin-search-unspecified-xss(49655)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49655"
},
{
"name": "content-categoryview-xss(49654)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49654"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when \"Gather Search Statistics\" is enabled, and (3) the category view in the com_content component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34360",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34360"
},
{
"name": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html"
},
{
"name": "34551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34551"
},
{
"name": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
},
{
"name": "admin-search-unspecified-xss(49655)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49655"
},
{
"name": "content-categoryview-xss(49654)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49654"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1279",
"datePublished": "2009-04-09T16:00:00",
"dateReserved": "2009-04-09T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1280 (GCVE-0-2009-1280)
Vulnerability from nvd – Published: 2009-04-09 16:00 – Updated: 2024-08-07 05:04
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
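| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/49656 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/34551 | third-party-advisory, x_refsource_SECUNIA |
| http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html | x_refsource_CONFIRM |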
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "media-unspecified-csrf(49656)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49656"
},
{
"name": "34551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34551"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "media-unspecified-csrf(49656)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49656"
},
{
"name": "34551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34551"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "media-unspecified-csrf(49656)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49656"
},
{
"name": "34551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34551"
},
{
"name": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1280",
"datePublished": "2009-04-09T16:00:00",
"dateReserved": "2009-04-09T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6299 (GCVE-0-2008-6299)
Vulnerability from nvd – Published: 2009-02-26 16:00 – Updated: 2024-08-07 11:27
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
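| URL | Tags |
|---|---|
| http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/32263 | vdb-entry, x_refsource_BID |
| http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/3104 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/32622 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46523 | vdb-entry, x_refsource_XF |
| http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html | x_refsource_CONFIRM |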
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html"
},
{
"name": "32263",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32263"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html"
},
{
"name": "ADV-2008-3104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3104"
},
{
"name": "32622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32622"
},
{
"name": "weblinks-title-description-xss(46523)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46523"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to \"article submission.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html"
},
{
"name": "32263",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32263"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html"
},
{
"name": "ADV-2008-3104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3104"
},
{
"name": "32622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32622"
},
{
"name": "weblinks-title-description-xss(46523)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46523"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to \"article submission.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html"
},
{
"name": "32263",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32263"
},
{
"name": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html"
},
{
"name": "ADV-2008-3104",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3104"
},
{
"name": "32622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32622"
},
{
"name": "weblinks-title-description-xss(46523)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46523"
},
{
"name": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6299",
"datePublished": "2009-02-26T16:00:00",
"dateReserved": "2009-02-26T00:00:00",
"dateUpdated": "2024-08-07T11:27:35.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4122 (GCVE-0-2008-4122)
Vulnerability from nvd – Published: 2008-12-19 17:00 – Updated: 2024-08-07 10:08
Summary
Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
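| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/499354/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/4794 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/archive/1/499295/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://int21.de/cve/CVE-2008-4122-joomla.html | x_refsource_MISC |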
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:33.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20081218 Re: Joomla: Session hijacking vulnerability, CVE-2008-4122",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499354/100/0/threaded"
},
{
"name": "4794",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4794"
},
{
"name": "20081216 Joomla: Session hijacking vulnerability, CVE-2008-4122",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499295/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://int21.de/cve/CVE-2008-4122-joomla.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20081218 Re: Joomla: Session hijacking vulnerability, CVE-2008-4122",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499354/100/0/threaded"
},
{
"name": "4794",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4794"
},
{
"name": "20081216 Joomla: Session hijacking vulnerability, CVE-2008-4122",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499295/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://int21.de/cve/CVE-2008-4122-joomla.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20081218 Re: Joomla: Session hijacking vulnerability, CVE-2008-4122",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499354/100/0/threaded"
},
{
"name": "4794",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4794"
},
{
"name": "20081216 Joomla: Session hijacking vulnerability, CVE-2008-4122",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499295/100/0/threaded"
},
{
"name": "http://int21.de/cve/CVE-2008-4122-joomla.html",
"refsource": "MISC",
"url": "http://int21.de/cve/CVE-2008-4122-joomla.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4122",
"datePublished": "2008-12-19T17:00:00",
"dateReserved": "2008-09-18T00:00:00",
"dateUpdated": "2024-08-07T10:08:33.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5671 (GCVE-0-2008-5671)
Vulnerability from nvd – Published: 2008-12-18 21:00 – Updated: 2024-08-07 11:04
Summary
PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
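| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/488126/100/200/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/29106 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/27795 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/archive/1/488199/100/200/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/4787 | third-party-advisory, x_refsource_SREASON |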
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080214 Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488126/100/200/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html"
},
{
"name": "29106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29106"
},
{
"name": "27795",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27795"
},
{
"name": "20080215 Re: Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488199/100/200/threaded"
},
{
"name": "4787",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4787"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080214 Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488126/100/200/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html"
},
{
"name": "29106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29106"
},
{
"name": "27795",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27795"
},
{
"name": "20080215 Re: Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488199/100/200/threaded"
},
{
"name": "4787",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4787"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080214 Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488126/100/200/threaded"
},
{
"name": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html"
},
{
"name": "29106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29106"
},
{
"name": "27795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27795"
},
{
"name": "20080215 Re: Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488199/100/200/threaded"
},
{
"name": "4787",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4787"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5671",
"datePublished": "2008-12-18T21:00:00",
"dateReserved": "2008-12-18T00:00:00",
"dateUpdated": "2024-08-07T11:04:44.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4105 (GCVE-0-2008-4105)
Vulnerability from nvd – Published: 2008-09-18 17:47 – Updated: 2024-08-07 10:00
Summary
JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
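| URL | Tags |
|---|---|
| http://marc.info/?l=oss-security&m=122152798516853&w=2 | mailing-list, x_refsource_MLIST |
| http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/31789 | third-party-advisory, x_refsource_SECUNIA |
| http://marc.info/?l=oss-security&m=122115344915232&w=2 | mailing-list, x_refsource_MLIST |
| http://securityreason.com/securityalert/4275 | third-party-advisory, x_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45069 | vdb-entry, x_refsource_XF |
| http://marc.info/?l=oss-security&m=122118210029084&w=2 | mailing-list, x_refsource_MLIST |
| http://securitytracker.com/id?1020843 | vdb-entry, x_refsource_SECTRACK |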
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"
},
{
"name": "31789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31789"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "4275",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4275"
},
{
"name": "joomla-jrequest-command-execution(45069)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"name": "1020843",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020843"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct \"variable injection\" attacks and have unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"
},
{
"name": "31789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31789"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "4275",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4275"
},
{
"name": "joomla-jrequest-command-execution(45069)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"name": "1020843",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020843"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct \"variable injection\" attacks and have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"name": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"
},
{
"name": "31789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31789"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "4275",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4275"
},
{
"name": "joomla-jrequest-command-execution(45069)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"name": "1020843",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020843"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4105",
"datePublished": "2008-09-18T17:47:00",
"dateReserved": "2008-09-15T00:00:00",
"dateUpdated": "2024-08-07T10:00:42.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4102 (GCVE-0-2008-4102)
Vulnerability from nvd – Published: 2008-09-18 17:47 – Updated: 2024-08-07 10:00
Summary
Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
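| URL | Tags |
|---|---|
| http://marc.info/?l=oss-security&m=122152798516853&w=2 | mailing-list, x_refsource_MLIST |
| http://securityreason.com/securityalert/4271 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/archive/1/496237/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/31789 | third-party-advisory, x_refsource_SECUNIA |
| http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/ | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45068 | vdb-entry, x_refsource_XF |
| http://marc.info/?l=oss-security&m=122115344915232&w=2 | mailing-list, x_refsource_MLIST |
| http://marc.info/?l=oss-security&m=122118210029084&w=2 | mailing-list, x_refsource_MLIST |
| http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html | x_refsource_CONFIRM |
| http://www.sektioneins.de/advisories/SE-2008-04.txt | x_refsource_MISC |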
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"name": "4271",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4271"
},
{
"name": "20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496237/100/0/threaded"
},
{
"name": "31789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31789"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/"
},
{
"name": "joomla-randomnumbers-info-disclosure(45068)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45068"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sektioneins.de/advisories/SE-2008-04.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Joomla! 1.5 before 1.5.7 initializes PHP\u0027s PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP\u0027s mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"name": "4271",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4271"
},
{
"name": "20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496237/100/0/threaded"
},
{
"name": "31789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31789"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/"
},
{
"name": "joomla-randomnumbers-info-disclosure(45068)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45068"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sektioneins.de/advisories/SE-2008-04.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joomla! 1.5 before 1.5.7 initializes PHP\u0027s PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP\u0027s mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20080916 Re: CVE request: joomla \u003c 1.5.7",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122152798516853\u0026w=2"
},
{
"name": "4271",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4271"
},
{
"name": "20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496237/100/0/threaded"
},
{
"name": "31789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31789"
},
{
"name": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/",
"refsource": "MISC",
"url": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/"
},
{
"name": "joomla-randomnumbers-info-disclosure(45068)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45068"
},
{
"name": "[oss-security] 20080911 CVE request: joomla \u003c 1.5.7",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122115344915232\u0026w=2"
},
{
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122118210029084\u0026w=2"
},
{
"name": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html"
},
{
"name": "http://www.sektioneins.de/advisories/SE-2008-04.txt",
"refsource": "MISC",
"url": "http://www.sektioneins.de/advisories/SE-2008-04.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4102",
"datePublished": "2008-09-18T17:47:00",
"dateReserved": "2008-09-15T00:00:00",
"dateUpdated": "2024-08-07T10:00:42.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}