CVE-2010-3712: XSS
First published: Thu Oct 28 2010(Updated: )
Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to index.php in the com_weblinks or com_content component.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Joomla | =1.5.11 | |
| Joomla | =1.5.13 | |
| Joomla | =1.5.3 | |
| Joomla | =1.5.2 | |
| Joomla | =1.5.9 | |
| Joomla | =1.5.18 | |
| Joomla | =1.5.16 | |
| Joomla | =1.5.4 | |
| Joomla | =1.5.10 | |
| Joomla | =1.5.7 | |
| Joomla | =1.5.0 | |
| Joomla | =1.5.15 | |
| Joomla | =1.5.6 | |
| Joomla | =1.5.1 | |
| Joomla | =1.5.17 | |
| Joomla | =1.5.8 | |
| Joomla | =1.5.19 | |
| Joomla | =1.5.12 | |
| Joomla | =1.5.5 | |
| Joomla | =1.5.20 | |
| Joomla | =1.5.15-rc | |
| Joomla | =1.5.14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2010/10/08/4
- http://www.openwall.com/lists/oss-security/2010/10/11/4
- http://developer.joomla.org/security/news/9-security/10-core-security/322-20101001-core-xss-vulnerabilities
- http://www.openwall.com/lists/oss-security/2011/03/13/8
- http://www.openwall.com/lists/oss-security/2011/03/18/3
- http://www.openwall.com/lists/oss-security/2011/03/14/22
- http://www.openwall.com/lists/oss-security/2011/03/18/5
- http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_id=32&tracker_item_id=22767
- http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.5.20%5D_cross_site_scripting(XSS)
- http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.5.20%5D_cross_site_scripting%28XSS%29
Frequently Asked Questions
What is the severity of CVE-2010-3712?
CVE-2010-3712 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2010-3712?
To fix CVE-2010-3712, you should upgrade Joomla! to version 1.5.21 or later or 1.6.1 or later.
What are the affected versions of Joomla! for CVE-2010-3712?
CVE-2010-3712 affects Joomla! versions prior to 1.5.21 and 1.6.1.
What type of vulnerability is CVE-2010-3712?
CVE-2010-3712 is a cross-site scripting (XSS) vulnerability that allows attackers to inject arbitrary script or HTML.
Can CVE-2010-3712 affect user data?
Yes, CVE-2010-3712 can potentially affect user data by allowing attackers to execute malicious scripts in the context of a user’s session.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/weakness
- agent/description
- agent/tags
- agent/severity
- agent/event
- collector/nvd-api
- agent/author
- agent/softwarecombine
- vendor/joomla
- canonical/joomla
- version/joomla/1.5.11
- version/joomla/1.5.13
- version/joomla/1.5.3
- version/joomla/1.5.2
- version/joomla/1.5.9
- version/joomla/1.5.18
- version/joomla/1.5.16
- version/joomla/1.5.4
- version/joomla/1.5.10
- version/joomla/1.5.7
- version/joomla/1.5.0
- version/joomla/1.5.15
- version/joomla/1.5.6
- version/joomla/1.5.1
- version/joomla/1.5.17
- version/joomla/1.5.8
- version/joomla/1.5.19
- version/joomla/1.5.12
- version/joomla/1.5.5
- version/joomla/1.5.20
- version/joomla/1.5.15-rc
- version/joomla/1.5.14