FKIE_CVE-2008-6299

Vulnerability from fkie_nvd - Published: 2009-02-26 16:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission."
References
cve@mitre.orghttp://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.htmlPatch, Vendor Advisory
cve@mitre.orghttp://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.htmlPatch, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/32622Vendor Advisory
cve@mitre.orghttp://www.joomla.org/announcements/release-news/5219-joomla-158-released.html
cve@mitre.orghttp://www.securityfocus.com/bid/32263
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/3104Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/46523
af854a3a-2127-422b-91ae-364da2661108http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32622Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/32263
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/3104Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/46523
Impacted products
Vendor Product Version
joomla joomla *
joomla joomla 1.0
joomla joomla 1.0.0
joomla joomla 1.0.1
joomla joomla 1.0.2
joomla joomla 1.0.3
joomla joomla 1.0.4
joomla joomla 1.0.5
joomla joomla 1.0.6
joomla joomla 1.0.7
joomla joomla 1.0.8
joomla joomla 1.0.9
joomla joomla 1.0.10
joomla joomla 1.0.11
joomla joomla 1.0.12
joomla joomla 1.0.13
joomla joomla 1.0.14
joomla joomla 1.03
joomla joomla 1.5
joomla joomla 1.5.0
joomla joomla 1.5.0
joomla joomla 1.5.0
joomla joomla 1.5.0
joomla joomla 1.5.0_beta
joomla joomla 1.5.0_beta1
joomla joomla 1.5.0_beta2
joomla joomla 1.5.0_rc1
joomla joomla 1.5.1
joomla joomla 1.5.2
joomla joomla 1.5.3
joomla joomla 1.5.4
joomla joomla 1.5.5
joomla joomla 1.5.6
joomla joomla 1.5rc3
joomla joomla 1.5rc4
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82062F02-1F62-4D9B-B1A9-DC4B95C37791",
              "versionEndIncluding": "1.5.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9709F901-EDD2-4369-89F0-8AF3A63655E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC268591-FDFD-42A2-887F-4F1639CAB73C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E8E5942-AB17-45E8-B3D3-4DDD1DFA48D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "89946AA1-0694-44A5-962E-ED36B4BFCE9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6024ABB5-0CB7-4874-8758-CC6FBF3073D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A41E39D9-ADD7-41A1-9E38-BD418B59E5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C21464-3FD4-4528-A512-7C0DE70E331C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "663EE640-2BE7-42FC-B848-7379C6DADA60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAA2374C-E9D8-40E4-A4E5-E4F95E04E226",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0B64E85-CA80-46A6-9E62-B1F28CBED5CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4007FCB-589A-413D-8009-64404926CA7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6B0B037-5E62-4069-AF35-F05A777E05D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "314E12E1-107E-4AB3-8092-9F6C2C5FA11B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "65860314-7B34-46B4-BA29-1A8EA715BF00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A235591C-1860-4877-8B61-7390EE359E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2D9FB89-D522-410F-8E68-763E9931E955",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9C4B0-5B4B-4103-AA4E-419E08C22306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2017D307-89B3-4D94-A266-C7D8D45960A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "D548B3C9-483F-492C-A6BB-694B7217FEE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "9813E813-2983-4471-9E56-6F254810A66B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "A4F4F9E7-BA44-4235-A246-DB6C432C3873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "495BD724-45BE-4214-B120-3A83BD9AD11B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.0_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F243A8-5513-4BB7-AB55-5A715D5AE546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F95550B4-3620-42D8-99AC-369126CDDFAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.0_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC0429EF-3848-4E72-999E-719DB54A7429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.0_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F12537ED-A4EB-40F9-AC00-B796169E114D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CCDBF4D-A797-4828-A084-8C775FA94BDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1B7CF2-B717-4F37-A923-0E188FF3C47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBA35EF1-1F8C-4AEA-89A0-3C1DD2DFBFE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3333C204-A022-4B53-B61F-3C5601F21FC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2752717-AA95-4398-8091-24FD5925C4F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7B3B3FB-E67D-4D9A-BE01-855FA2545772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2EF8067-2707-40AA-A95B-3C86625A7A8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5rc4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDFF92A2-FEBD-49F6-8C41-3DF2D9AB56C0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to \"article submission.\""
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados - XSS - en Joomla! v1.5.7 y anteriores, permite a usuarios autentificados remotos inyectar una secuencia de comandos web o HTML a trav\u00e9s de (1) los par\u00e1metros \"title\" y \"descripci\u00f3n\" en el m\u00f3dulo com_weblinks y (2) vectores no especificados cen el modulo com_content relativo a \"article submission.\"."
    }
  ],
  "id": "CVE-2008-6299",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-02-26T16:17:19.733",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32622"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/32263"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3104"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46523"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/32263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46523"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.