Vulnerability-Lookup

CERTA-2011-AVI-405

Vulnerability from certfr_avis - Published: 2011-07-21 - Updated: 2011-07-29

Une vulnérabilité permet à une personne distante malintentionnée d'effectuer une injection de code indirecte.

Description

Une vulnérabilité non détaillée permet à une personne distante malintentionnée d'effectuer une injection de code indirecte.

Solution

La version 1.6.6 de Joomla! corrige le problème.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Joomla! versions 1.6.5 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

CVE-2011-2710 (GCVE-0-2011-2710)

Vulnerability from cvelistv5 – Published: 2011-07-27 20:00 – Updated: 2024-08-06 23:08

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component. NOTE: vector 2 exists because of an incomplete fix for CVE-2011-2509.5.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://developer.joomla.org/security/news/357-201…	x_refsource_CONFIRM
	http://yehg.net/lab/pr0js/advisories/joomla/core/…	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2011/1…	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2011/07/22/5	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2011/07/22/1	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2011/10/16/1	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:08:23.764Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://developer.joomla.org/security/news/357-20110701-xss-vulnerability.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.7.0-rc%5D_cross_site_scripting%28XSS%29"
          },
          {
            "name": "[oss-security] 20111121 Re: Fwd: XSS vulnerability in Joomla 1.6.3 - CVE-2011-2710 / CVE-2011-2708 issue",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/11/21/27"
          },
          {
            "name": "[oss-security] 20110722 Re: CVE Request: Joomla! 1.7.0-RC and lower | Cross Site Scripting Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/07/22/5"
          },
          {
            "name": "[oss-security] 20110722 CVE Request: Joomla! 1.7.0-RC and lower | Cross Site Scripting Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/07/22/1"
          },
          {
            "name": "[oss-security] 20111016 Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/10/16/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-07-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component.  NOTE: vector 2 exists because of an incomplete fix for CVE-2011-2509.5."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-11-27T10:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://developer.joomla.org/security/news/357-20110701-xss-vulnerability.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.7.0-rc%5D_cross_site_scripting%28XSS%29"
        },
        {
          "name": "[oss-security] 20111121 Re: Fwd: XSS vulnerability in Joomla 1.6.3 - CVE-2011-2710 / CVE-2011-2708 issue",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/11/21/27"
        },
        {
          "name": "[oss-security] 20110722 Re: CVE Request: Joomla! 1.7.0-RC and lower | Cross Site Scripting Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/07/22/5"
        },
        {
          "name": "[oss-security] 20110722 CVE Request: Joomla! 1.7.0-RC and lower | Cross Site Scripting Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/07/22/1"
        },
        {
          "name": "[oss-security] 20111016 Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/10/16/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-2710",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component.  NOTE: vector 2 exists because of an incomplete fix for CVE-2011-2509.5."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://developer.joomla.org/security/news/357-20110701-xss-vulnerability.html",
              "refsource": "CONFIRM",
              "url": "http://developer.joomla.org/security/news/357-20110701-xss-vulnerability.html"
            },
            {
              "name": "http://yehg.net/lab/pr0js/advisories/joomla/core/[joomla_1.7.0-rc]_cross_site_scripting(XSS)",
              "refsource": "MISC",
              "url": "http://yehg.net/lab/pr0js/advisories/joomla/core/[joomla_1.7.0-rc]_cross_site_scripting(XSS)"
            },
            {
              "name": "[oss-security] 20111121 Re: Fwd: XSS vulnerability in Joomla 1.6.3 - CVE-2011-2710 / CVE-2011-2708 issue",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/11/21/27"
            },
            {
              "name": "[oss-security] 20110722 Re: CVE Request: Joomla! 1.7.0-RC and lower | Cross Site Scripting Vulnerabilities",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/07/22/5"
            },
            {
              "name": "[oss-security] 20110722 CVE Request: Joomla! 1.7.0-RC and lower | Cross Site Scripting Vulnerabilities",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/07/22/1"
            },
            {
              "name": "[oss-security] 20111016 Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/10/16/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2710",
    "datePublished": "2011-07-27T20:00:00",
    "dateReserved": "2011-07-11T00:00:00",
    "dateUpdated": "2024-08-06T23:08:23.764Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted