CVE-2010-1649: XSS
First published: Mon Jun 07 2010(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Joomla | =1.5.0 | |
| Joomla | =1.5.1 | |
| Joomla | =1.5.2 | |
| Joomla | =1.5.3 | |
| Joomla | =1.5.4 | |
| Joomla | =1.5.5 | |
| Joomla | =1.5.6 | |
| Joomla | =1.5.7 | |
| Joomla | =1.5.8 | |
| Joomla | =1.5.9 | |
| Joomla | =1.5.10 | |
| Joomla | =1.5.11 | |
| Joomla | =1.5.12 | |
| Joomla | =1.5.13 | |
| Joomla | =1.5.14 | |
| Joomla | =1.5.15 | |
| Joomla | =1.5.16 | |
| Joomla | =1.5.17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.osvdb.org/65011
- http://secunia.com/advisories/39964
- http://www.securityfocus.com/bid/40444
- http://developer.joomla.org/security/news/314-20100501-core-xss-vulnerabilities-in-back-end.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla!+Security+News%29
- http://developer.joomla.org/security/news/314-20100501-core-xss-vulnerabilities-in-back-end.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29
Frequently Asked Questions
What is the severity of CVE-2010-1649?
CVE-2010-1649 has a moderate severity rating, as it allows attackers to perform cross-site scripting attacks against Joomla! installations.
How do I fix CVE-2010-1649?
To fix CVE-2010-1649, upgrade your Joomla! installation to version 1.5.18 or later.
What versions of Joomla! are affected by CVE-2010-1649?
CVE-2010-1649 affects Joomla! versions 1.5.0 through 1.5.17.
What types of vulnerabilities does CVE-2010-1649 include?
CVE-2010-1649 includes multiple cross-site scripting (XSS) vulnerabilities in administrator screens.
Can CVE-2010-1649 be exploited remotely?
Yes, CVE-2010-1649 can be exploited remotely by attackers to inject arbitrary web scripts or HTML.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/tags
- collector/nvd-api
- agent/weakness
- agent/author
- agent/softwarecombine
- vendor/joomla
- canonical/joomla
- version/joomla/1.5.0
- version/joomla/1.5.1
- version/joomla/1.5.2
- version/joomla/1.5.3
- version/joomla/1.5.4
- version/joomla/1.5.5
- version/joomla/1.5.6
- version/joomla/1.5.7
- version/joomla/1.5.8
- version/joomla/1.5.9
- version/joomla/1.5.10
- version/joomla/1.5.11
- version/joomla/1.5.12
- version/joomla/1.5.13
- version/joomla/1.5.14
- version/joomla/1.5.15
- version/joomla/1.5.16
- version/joomla/1.5.17