CVE-2007-5577

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New Menu Item.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.joomla.org/content/view/3677/1/	Vendor Advisory
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=5654	Patch Vendor Advisory
http://www.joomla.org/content/view/3670/78/	Release Notes Vendor Advisory
http://www.securityfocus.com/bid/24663	Third Party Advisory VDB Entry
http://secunia.com/advisories/25804	Patch Vendor Advisory
http://osvdb.org/37173	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/35119	Third Party Advisory VDB Entry

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

Information

Published : 2007-10-18 14:17

Updated : 2021-10-01 08:03

NVD link : CVE-2007-5577

Mitre link : CVE-2007-5577

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

Products Affected

joomla

joomla\!

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.joomla.org/content/view/3677/1/", "name": "http://www.joomla.org/content/view/3677/1/", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=5654", "name": "http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=5654", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.joomla.org/content/view/3670/78/", "name": "http://www.joomla.org/content/view/3670/78/", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/24663", "name": "24663", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/25804", "name": "25804", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/37173", "name": "37173", "tags": ["Broken Link"], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35119", "name": "joomla-section-manager-xss(35119)", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New Menu Item."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-5577", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2007-10-18T21:17Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.0.13"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-10-01T15:03Z"}