Lucene search

MitreCVE-2009-0378

HistoryFeb 02, 2009 - 7:00 p.m.

CVE-2009-0378

2009-02-0219:00:00

CWE-79

mitre

web.nvd.nist.gov

cve-2009-0378

cross-site scripting

xss

joomla

beamospetition

nvd

vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

56.9%

JSON

Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action.

Affected configurations

Nvd

Node

joomlacom_beamospetitionMatch1.0.12

AND

joomlajoomla

VendorProductVersionCPE
joomlacom_beamospetition1.0.12cpe:2.3:a:joomla:com_beamospetition:1.0.12:*:*:*:*:*:*:*
joomlajoomla*cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
joomla	com_beamospetition	1.0.12	cpe:2.3:a:joomla:com_beamospetition:1.0.12:::::::*
joomla	joomla	*	cpe:2.3:a:joomla:joomla::::::::

References

www.securityfocus.com/archive/1/500250/100/0/threaded

www.securityfocus.com/bid/33391

www.exploit-db.com/exploits/7847

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

56.9%

JSON

Related for CVE-2009-0378