CVE-2011-4809

Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:joomlaextensions:com_hmcommunity:*:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2011-12-14 00:55

Updated : 2024-02-04 17:54


NVD link : CVE-2011-4809

Mitre link : CVE-2011-4809

CVE.ORG link : CVE-2011-4809


JSON object : View

Products Affected

joomla

  • joomla\!

joomlaextensions

  • com_hmcommunity
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')