Vulnerabilities > Joomla > Joomla > 1.0.9
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-10-07 | CVE-2011-4910 | Cross-Site Scripting vulnerability in Joomla Joomla! Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 4.3 |
2012-10-07 | CVE-2011-4909 | Cross-Site Scripting vulnerability in Joomla Joomla! Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php. | 4.3 |
2011-11-23 | CVE-2011-4332 | Cross-Site Scripting vulnerability in Joomla Joomla! Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-07-27 | CVE-2011-2890 | Information Exposure vulnerability in Joomla Joomla! The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488. | 5.0 |
2011-07-27 | CVE-2011-2889 | Information Exposure vulnerability in Joomla Joomla! templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. | 5.0 |
2011-07-27 | CVE-2011-2488 | Information Exposure vulnerability in Joomla Joomla! Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2009-11-16 | CVE-2009-3946 | Information Exposure vulnerability in Joomla Joomla! Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request. | 5.0 |
2009-11-16 | CVE-2009-3945 | Remote Security vulnerability in Joomla! Unspecified vulnerability in the Front-End Editor in the com_content component in Joomla! before 1.5.15 allows remote authenticated users, with Author privileges, to replace the articles of an arbitrary user via unknown vectors. | 5.5 |
2009-09-16 | CVE-2009-3215 | SQL Injection vulnerability in PHP-Shop-System Ixxo Cart SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter. | 7.5 |
2009-02-26 | CVE-2008-6299 | Cross-Site Scripting vulnerability in Joomla Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission." | 3.5 |