Lucene search

MitreCVE-2011-4809

HistoryDec 14, 2011 - 12:55 a.m.

CVE-2011-4809

2011-12-1400:55:19

CWE-79

mitre

web.nvd.nist.gov

cve-2011-4809

xss

com_hmcommunity

joomla

vulnerability

web script

html

remote attackers

injection

security

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

60.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

joomlaextensionscom_hmcommunityRange≤1.0

AND

joomlajoomla\!

VendorProductVersionCPE
joomlaextensionscom_hmcommunity*cpe:2.3:a:joomlaextensions:com_hmcommunity:*:*:*:*:*:*:*:*
joomlajoomla\!*cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
joomlaextensions	com_hmcommunity	*	cpe:2.3:a:joomlaextensions:com_hmcommunity::::::::
joomla	joomla\!	*	cpe:2.3:a:joomla:joomla\!::::::::

References

joomlaextensions.co.in/index.php?option=com_jeshop&view=category_detail&Itemid=118&id=38

secunia.com/advisories/46656

www.exploit-db.com/exploits/18050

www.osvdb.org/76726

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

60.1%

JSON

Related for CVE-2011-4809