Vulnerability Description
The cross-site scripting (XSS) countermeasures in class.inputfilter.php in Joomla! 1.0.7 allow remote attackers to cause a denial of service via a crafted mosmsg parameter to index.php with a malformed sequence of multiple tags, as demonstrated using "<<>AAA<><>", possibly due to nested or empty tags.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Joomla | Joomla | 1.0.7 |
References
- http://www.joomla.org/content/view/938/78/
- http://www.osvdb.org/23816 (Exploit)
- http://www.securityfocus.com/archive/1/426538/100/0/threaded
FAQ
What is CVE-2006-1029?
CVE-2006-1029 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The cross-site scripting (XSS) countermeasures in class.inputfilter.php in Joomla! 1.0.7 allow remote attackers to cause a denial of service via a crafted mosmsg parameter to index.php with a malforme...
How severe is CVE-2006-1029?
CVE-2006-1029 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1029?
Check the references section above for vendor advisories and patch information. Affected products include: Joomla Joomla.