CVE-2009-1938: XSS
First published: Fri Jun 05 2009(Updated: )
Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Joomla | =1.5.5 | |
| Joomla | =1.5-rc1 | |
| Joomla | =1.5 | |
| Joomla | =1.5-rc2 | |
| Joomla | =1.5.7 | |
| Joomla | =1.5.0-beta2 | |
| Joomla | =1.5.9 | |
| Joomla | =1.5.3 | |
| Joomla | =1.5.10 | |
| Joomla | =1.5.2 | |
| Joomla | =1.5.0-beta1 | |
| Joomla | =1.5.8 | |
| Joomla | =1.5.1 | |
| Joomla | =1.5.4 | |
| Joomla | =1.5.0-rc1 | |
| Joomla | =1.5-rc3 | |
| Joomla | =1.5.6 | |
| Joomla | =1.5.0-beta |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/35189
- http://www.osvdb.org/54868
- http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html
- http://secunia.com/advisories/35278
- http://www.vupen.com/english/advisories/2009/1497
- http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50923
Frequently Asked Questions
What is the severity of CVE-2009-1938?
CVE-2009-1938 is classified as a medium severity vulnerability due to its potential impact on web application security.
How do I fix CVE-2009-1938?
To fix CVE-2009-1938, upgrade Joomla! to version 1.5.11 or later to mitigate the cross-site scripting vulnerability.
What versions of Joomla! are affected by CVE-2009-1938?
CVE-2009-1938 affects Joomla! versions 1.5 through 1.5.10.
What is a cross-site scripting vulnerability in the context of CVE-2009-1938?
In the context of CVE-2009-1938, cross-site scripting allows attackers to inject malicious scripts into web pages viewed by users.
Are there any workarounds for CVE-2009-1938 if I cannot upgrade Joomla! immediately?
There are no specific workarounds for CVE-2009-1938, so upgrading Joomla! is strongly recommended to ensure security.
- agent/author
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/remedy
- agent/description
- vendor/joomla
- canonical/joomla
- version/joomla/1.5.5
- version/joomla/1.5-rc1
- version/joomla/1.5
- version/joomla/1.5-rc2
- version/joomla/1.5.7
- version/joomla/1.5.0-beta2
- version/joomla/1.5.9
- version/joomla/1.5.3
- version/joomla/1.5.10
- version/joomla/1.5.2
- version/joomla/1.5.0-beta1
- version/joomla/1.5.8
- version/joomla/1.5.1
- version/joomla/1.5.4
- version/joomla/1.5.0-rc1
- version/joomla/1.5-rc3
- version/joomla/1.5.6
- version/joomla/1.5.0-beta