Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Information

Name : CVE-2011-4830
First vendor Publication : 2011-12-14
Vendor : Cve
Last vendor Modification : 2011-12-15

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Cvss Base Score : 3.5
Attack Range : Network
Cvss Impact Score : 2.9
Attack Complexity : Medium
Cvss Exploit Score : 6.8
Authentication : Requires single instance

Detail

Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4830

CWE : Common Weakness Enumeration

id : CWE-79
Name : Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type : Application
Count : 1

OpenVAS Exploits

Date : 2011-11-04
Name : Joomla! Barter Sites 'com_listing' Component 'category_id' Parameter SQL Inje...
File : nvt/gb_joomla_barter_sites_category_id_param_sql_inj_vuln.nasl

Open Source Vulnerability Database (OSVDB)

id : 76269
Description : Barter Component for Joomla! index.php Multiple Parameter XSS

Internal Sources (Detail)

Source : EXPLOIT-DB
Url : http://www.exploit-db.com/exploits/18046
Source : MISC
Url : http://docs.joomla.org/Vulnerable_Extensions_List#Barter_Sites_1.3
Url : http://my.barter-sites.com/index.php?option=com_content&view=article&...

Alert History

Date : 2013-05-10 23:11:57
Information : Multiple Updates