CVE-2009-4157: XSS
First published: Wed Dec 02 2009(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in index.php in the ProofReader (com_proofreader) component 1.0 RC9 and earlier for Joomla! allow remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in (1) 404 or (2) error pages.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Joomla | ||
| joomlatune com ProofReader | <=1.0 | |
| joomlatune com ProofReader | =1.0-rc6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2009-4157?
CVE-2009-4157 is considered a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2009-4157?
To fix CVE-2009-4157, upgrade the ProofReader component to version 1.0 RC10 or later.
What are the affected Joomla! versions for CVE-2009-4157?
CVE-2009-4157 affects Joomla! installations using the ProofReader component version 1.0 RC9 and earlier.
Can CVE-2009-4157 be exploited remotely?
Yes, CVE-2009-4157 allows remote attackers to exploit the vulnerability through specially crafted URIs.
What type of attack does CVE-2009-4157 enable?
CVE-2009-4157 enables cross-site scripting (XSS) attacks that can inject arbitrary web scripts or HTML.
- collector/nvd-historical
- agent/references
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/joomla
- canonical/joomla
- vendor/joomlatune
- canonical/joomlatune com proofreader
- version/joomlatune com proofreader/1.0
- version/joomlatune com proofreader/1.0-rc6