Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Joomlaextensions | Com Hmcommunity | <= 1.0 |
| Joomla | Joomla\! | All versions |
Related Weaknesses (CWE)
References
- http://joomlaextensions.co.in/index.php?option=com_jeshop&view=category_detail&I
- http://secunia.com/advisories/46656Vendor Advisory
- http://www.exploit-db.com/exploits/18050Exploit
- http://www.osvdb.org/76726
- http://joomlaextensions.co.in/index.php?option=com_jeshop&view=category_detail&I
- http://secunia.com/advisories/46656Vendor Advisory
- http://www.exploit-db.com/exploits/18050Exploit
- http://www.osvdb.org/76726
FAQ
What is CVE-2011-4809?
CVE-2011-4809 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) la...
How severe is CVE-2011-4809?
CVE-2011-4809 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4809?
Check the references section above for vendor advisories and patch information. Affected products include: Joomlaextensions Com Hmcommunity, Joomla Joomla\!.