FKIE_CVE-2009-1940

Vulnerability from fkie_nvd - Published: 2009-06-05 18:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
cve@mitre.orghttp://developer.joomla.org/security/news/295-20090601-core-comusers-xss.htmlPatch, Vendor Advisory
cve@mitre.orghttp://osvdb.org/54869Patch
cve@mitre.orghttp://secunia.com/advisories/35278Vendor Advisory
cve@mitre.orghttp://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html
cve@mitre.orghttp://www.securityfocus.com/bid/35189Exploit, Patch
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/1497
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/50924
af854a3a-2127-422b-91ae-364da2661108http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/54869Patch
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35278Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/35189Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/1497
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/50924
Impacted products
Vendor Product Version
joomla joomla 1.5
joomla joomla 1.5.1
joomla joomla 1.5.2
joomla joomla 1.5.3
joomla joomla 1.5.4
joomla joomla 1.5.5
joomla joomla 1.5.6
joomla joomla 1.5.7
joomla joomla 1.5.8
joomla joomla 1.5.9
joomla joomla 1.5.10
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2017D307-89B3-4D94-A266-C7D8D45960A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CCDBF4D-A797-4828-A084-8C775FA94BDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1B7CF2-B717-4F37-A923-0E188FF3C47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBA35EF1-1F8C-4AEA-89A0-3C1DD2DFBFE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3333C204-A022-4B53-B61F-3C5601F21FC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2752717-AA95-4398-8091-24FD5925C4F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7B3B3FB-E67D-4D9A-BE01-855FA2545772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B29D3E39-7B43-4D19-B39F-2EB56E30F737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F155C3B-AAF5-4393-A964-E655113D84DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1DA8EEE-F091-49D0-9F9D-4C83574B6A36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:joomla:joomla:1.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "731CC868-70FC-44A0-8CC2-D0A4AC5CE094",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el panel panel administrador del componente com_users de Joomla! en las versiones v.1.5.x hasta la v1.5.10. Permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML a trav\u00e9s de vectores de ataque no especificados.\r\n"
    }
  ],
  "id": "CVE-2009-1940",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-06-05T18:30:00.267",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://osvdb.org/54869"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35278"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/35189"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/1497"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://osvdb.org/54869"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/35189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1497"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50924"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.