CVE-2009-4579

Name of the Vulnerable Software and Affected Versions Joomla! and Mambo (affected versions not specified)

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the Itemid parameter to "index.php". This could potentially lead to unauthorized actions on the affected system.

Recommendations For all affected versions, consider restricting access to the Itemid parameter in the "index.php" endpoint until a patch is available. As a temporary workaround, avoid using the Itemid parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.