CVE-2010-1649 – joomla/joomla-cms

Package

Manager: composer
Name: joomla/joomla-cms
Vulnerable Version: >=1.5 <1.5.18

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:H/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00031 pctl0.07409

Details

Joomla! vulnerable to Cross-site Scripting Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php.

Metadata

Created: 2022-05-14T03:08:11Z
Modified: 2025-04-12T01:08:09Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fj57-vhrc-73r7/GHSA-fj57-vhrc-73r7.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-fj57-vhrc-73r7
Finding: F425
Auto approve: 1