Strix
26.1K

CVE-2011-2710

UnknownEPSS 1.26%

Last modified

CVE-2011-2710 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component. NOTE: vector 2 exists because of an incomplete fix for CVE-2011-2509.5.. EPSS estimates a 1.26% chance of exploitation in the next 30 days.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component. NOTE: vector 2 exists because of an incomplete fix for CVE-2011-2509.5.

Metrics

EPSS Probability
1.26%

65.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
JoomlaJoomla\!<= 1.6.6
JoomlaJoomla\!1.5.0
JoomlaJoomla\!1.5.1
JoomlaJoomla\!1.5.2
JoomlaJoomla\!1.5.3
JoomlaJoomla\!1.5.4
JoomlaJoomla\!1.5.5
JoomlaJoomla\!1.5.6
JoomlaJoomla\!1.5.7
JoomlaJoomla\!1.5.8
JoomlaJoomla\!1.5.9
JoomlaJoomla\!1.5.10
JoomlaJoomla\!1.5.11
JoomlaJoomla\!1.5.12
JoomlaJoomla\!1.5.13
JoomlaJoomla\!1.5.14
JoomlaJoomla\!1.5.15
JoomlaJoomla\!1.5.16
JoomlaJoomla\!1.5.17
JoomlaJoomla\!1.5.18
JoomlaJoomla\!1.5.19
JoomlaJoomla\!1.5.20
JoomlaJoomla\!1.5.21
JoomlaJoomla\!1.5.22
JoomlaJoomla\!1.5.23
JoomlaJoomla\!1.6Alpha
JoomlaJoomla\!1.6.0
JoomlaJoomla\!1.6.1
JoomlaJoomla\!1.6.3
JoomlaJoomla\!1.6.4
JoomlaJoomla\!1.6.5

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2011-2710?
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component. NOTE: vector 2 exists because of an incomplete fix for CVE-2011-2509.5.
How severe is CVE-2011-2710?
Severity scoring for CVE-2011-2710 is pending analysis. The EPSS model estimates a 1.26% probability of exploitation in the next 30 days.
How do I fix CVE-2011-2710?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-2710?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST