SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2010-3712

Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to index.php in the com_weblinks or com_content component.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Reference:

http://www.openwall.com/lists/oss-security/2010/10/08/4

http://www.openwall.com/lists/oss-security/2010/10/11/4

http://www.openwall.com/lists/oss-security/2011/03/13/8

http://www.openwall.com/lists/oss-security/2011/03/14/22

http://www.openwall.com/lists/oss-security/2011/03/18/5

http://www.openwall.com/lists/oss-security/2011/03/18/3

http://developer.joomla.org/security/news/9-security/10-core-security/322-20101001-core-xss-vulnerabilities

http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_id=32&tracker_item_id=22767

http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.5.20%5D_cross_site_scripting%28XSS%29


30430



423868



247621



909



194512



282