CVE-2011-4830

Name of the Vulnerable Software and Affected Versions Barter Sites component version 1.3 for Joomla!

Description The issue allows remote authenticated users to inject arbitrary web script or HTML via several parameters, including listing title, description, homeurl, paystring, sell price, shipping cost, and quantity, in the com listing component. This is achieved by sending malicious input to the "index.php" endpoint.

Recommendations For Barter Sites component version 1.3, avoid using the vulnerable parameters listing title, description, homeurl, paystring, sell price, shipping cost, and quantity in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.