CVE-2009-1938

Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html	Vendor Advisory
http://secunia.com/advisories/35278	Vendor Advisory
http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html
http://www.osvdb.org/54868
http://www.securityfocus.com/bid/35189	Exploit Patch
http://www.vupen.com/english/advisories/2009/1497
https://exchange.xforce.ibmcloud.com/vulnerabilities/50923

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:joomla:joomla:1.5:::::::*
	cpe:2.3:a:joomla:joomla:1.5:rc1::::::
	cpe:2.3:a:joomla:joomla:1.5:rc2::::::
	cpe:2.3:a:joomla:joomla:1.5:rc3::::::
	cpe:2.3:a:joomla:joomla:1.5.0:beta::::::
	cpe:2.3:a:joomla:joomla:1.5.0:beta1::::::
	cpe:2.3:a:joomla:joomla:1.5.0:beta2::::::
	cpe:2.3:a:joomla:joomla:1.5.0:rc1::::::
	cpe:2.3:a:joomla:joomla:1.5.1:::::::*
	cpe:2.3:a:joomla:joomla:1.5.2:::::::*
	cpe:2.3:a:joomla:joomla:1.5.3:::::::*
	cpe:2.3:a:joomla:joomla:1.5.4:::::::*
	cpe:2.3:a:joomla:joomla:1.5.5:::::::*
	cpe:2.3:a:joomla:joomla:1.5.6:::::::*
	cpe:2.3:a:joomla:joomla:1.5.7:::::::*
	cpe:2.3:a:joomla:joomla:1.5.8:::::::*
	cpe:2.3:a:joomla:joomla:1.5.9:::::::*
	cpe:2.3:a:joomla:joomla:1.5.10:::::::*

History

No history.

Information

Published : 2009-06-05 18:30

Updated : 2023-12-10 10:51

NVD link : CVE-2009-1938

Mitre link : CVE-2009-1938

CVE.ORG link : CVE-2009-1938

JSON object : View

Products Affected

joomla

joomla

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2009-1938", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-06-05T18:30:00.217", "references": [{"url": "http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/35278", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/54868", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/35189", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/1497", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50923", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Joomla! v.1.5.x hasta la v1.5.10. Permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML a trav\u00e9s de vectores de ataque no especificados relacionados con la salida de la base de datos y el panel de administraci\u00f3n de \"frontend\"."}], "lastModified": "2017-08-17T01:30:34.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:joomla:joomla:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2017D307-89B3-4D94-A266-C7D8D45960A6"}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "302D47E2-CFA8-438C-82DB-335319454448"}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94B01AD8-2B71-4A6A-8932-E61B0FE54246"}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1058A361-4B10-4D7C-B789-64A38FE7E201"}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.0:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D548B3C9-483F-492C-A6BB-694B7217FEE8"}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9813E813-2983-4471-9E56-6F254810A66B"}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4F4F9E7-BA44-4235-A246-DB6C432C3873"}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "495BD724-45BE-4214-B120-3A83BD9AD11B"}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CCDBF4D-A797-4828-A084-8C775FA94BDF"}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB1B7CF2-B717-4F37-A923-0E188FF3C47F"}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBA35EF1-1F8C-4AEA-89A0-3C1DD2DFBFE8"}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3333C204-A022-4B53-B61F-3C5601F21FC0"}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2752717-AA95-4398-8091-24FD5925C4F7"}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7B3B3FB-E67D-4D9A-BE01-855FA2545772"}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B29D3E39-7B43-4D19-B39F-2EB56E30F737"}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F155C3B-AAF5-4393-A964-E655113D84DE"}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1DA8EEE-F091-49D0-9F9D-4C83574B6A36"}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "731CC868-70FC-44A0-8CC2-D0A4AC5CE094"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}