Strix
26.1K

CVE-2011-2509

UnknownEPSS 1.09%

Last modified

CVE-2011-2509 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, as demonstrated by the filter_order parameter to index.php; (3) the query string to the com_newsfeeds component, as demonstrated by an arbitrary parameter to index.php; or (4) the option parameter in a reset.request action to index.php; and, when Internet Explorer or Konqueror is used, (5) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component.. EPSS estimates a 1.09% chance of exploitation in the next 30 days.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, as demonstrated by the filter_order parameter to index.php; (3) the query string to the com_newsfeeds component, as demonstrated by an arbitrary parameter to index.php; or (4) the option parameter in a reset.request action to index.php; and, when Internet Explorer or Konqueror is used, (5) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component.

Metrics

EPSS Probability
1.09%

61.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
JoomlaJoomla\!<= 1.6.3
JoomlaJoomla\!1.5.0
JoomlaJoomla\!1.5.1
JoomlaJoomla\!1.5.2
JoomlaJoomla\!1.5.3
JoomlaJoomla\!1.5.4
JoomlaJoomla\!1.5.5
JoomlaJoomla\!1.5.6
JoomlaJoomla\!1.5.7
JoomlaJoomla\!1.5.8
JoomlaJoomla\!1.5.9
JoomlaJoomla\!1.5.10
JoomlaJoomla\!1.5.11
JoomlaJoomla\!1.5.12
JoomlaJoomla\!1.5.13
JoomlaJoomla\!1.5.14
JoomlaJoomla\!1.5.15
JoomlaJoomla\!1.5.16
JoomlaJoomla\!1.5.17
JoomlaJoomla\!1.5.18
JoomlaJoomla\!1.5.19
JoomlaJoomla\!1.5.20
JoomlaJoomla\!1.5.21
JoomlaJoomla\!1.5.22
JoomlaJoomla\!1.5.23
JoomlaJoomla\!1.6Alpha
JoomlaJoomla\!1.6.0
JoomlaJoomla\!1.6.1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2011-2509?
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, as demonstrated by the filter_order parameter to index.php; (3) the query string to the com_newsfeeds component, as demonstrated by an arbitrary parameter to index.php; or (4) the option parameter in a reset.request action to index.php; and, when Internet Explorer or Konqueror is used, (5) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component.
How severe is CVE-2011-2509?
Severity scoring for CVE-2011-2509 is pending analysis. The EPSS model estimates a 1.09% probability of exploitation in the next 30 days.
How do I fix CVE-2011-2509?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-2509?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST