CVE Vulnerability

CVE-2007-5577

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New Menu Item.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://www.joomla.org/content/view/3677/1/ Vendor Advisory
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=5654 Patch Vendor Advisory
http://www.joomla.org/content/view/3670/78/ Release Notes Vendor Advisory
http://www.securityfocus.com/bid/24663 Third Party Advisory VDB Entry
http://secunia.com/advisories/25804 Patch Vendor Advisory
http://osvdb.org/37173 Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/35119 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:joomla:joomla!:*:*:*:*:*:*:*:*
Information

Published : 2007-10-18 09:17

Updated : 2021-10-01 03:03

NVD link : CVE-2007-5577

Mitre link : CVE-2007-5577

Products Affected
No products.
CWE
CWE-79