PT-2009-1773 · Open Source Matters · Joomla!

Published: 2009-02-26 · Updated: 2017-08-17 · CVE-2008-6299

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Joomla! versions 1.5.7 and earlier
Description: The issue allows remote authenticated users with certain privileges to inject arbitrary web script or HTML. This can be achieved via the title and description parameters to the com_weblinks module and unspecified vectors in the com_content module related to article submission.
Recommendations: For Joomla! versions 1.5.7 and earlier, consider updating to a version that is not affected by this issue. As a temporary workaround, restrict access to the com_weblinks and com_content modules to minimize the risk of exploitation. Avoid using the title and description parameters in the com_weblinks module until the issue is resolved.

Fix

XSS

Related Identifiers: CVE-2008-6299

Affected Products: Joomla!