Joomla! Multiple Unspecified Cross Site Scripting and Information Disclosure Vulnerabilities
BID:51663
| Bugtraq ID: | 51663 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-0819, CVE-2012-0820, CVE-2012-0821, CVE-2012-0822 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 25 2012 12:00AM |
| Updated: | Mar 19 2015 09:34AM |
| Credit: | Cyrille Barthelemy, Ankita Kapadia, Jean-Marie Simonet, and David Jardin |
| Vulnerable: | Joomla Joomla! 1.7.1, Joomla Joomla! 1.6.6, Joomla Joomla! 1.6.4, Joomla Joomla! 1.6.3, Joomla Joomla! 1.6.2, Joomla Joomla! 1.6.1, Joomla Joomla! 1.6.5, Joomla Joomla! 1.6.4, Joomla Joomla! 1.6.3, Joomla Joomla! 1.6.1, Joomla Joomla! 1.6 RC1, Joomla Joomla! 1.6 Beta9, Joomla Joomla! 1.6 Beta8, Joomla Joomla! 1.6 Beta7, Joomla Joomla! 1.6 Beta6, Joomla Joomla! 1.6 Beta5, Joomla Joomla! 1.6 Beta4, Joomla Joomla! 1.6 Beta3, Joomla Joomla! 1.6 Beta2, Joomla Joomla! 1.6 Beta15, Joomla Joomla! 1.6 Beta14, Joomla Joomla! 1.6 Beta13, Joomla Joomla! 1.6 Beta12, Joomla Joomla! 1.6 Beta11, Joomla Joomla! 1.6 Beta10, Joomla Joomla! 1.6 Beta1, Joomla Joomla! 1.6 Alpha2, Joomla Joomla! 1.6 Alpha, Joomla Joomla 1.7.2, Joomla Joomla 1.7, Joomla Joomla 1.6.5, Joomla Joomla 1.6.4, Joomla Joomla 1.6.3, Joomla Joomla 1.6, Joomla Joomla 1.7.3 |
| Not Vulnerable: | Joomla Joomla 2.5.0, Joomla Joomla 1.7.4 |
Discussion
Joomla! is prone to multiple unspecified cross-site scripting vulnerabilities and an information-disclosure vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. The information-disclosure vulnerability can allow the attacker to obtain sensitive information that can aid in launching further attacks.
Joomla! versions 1.7.3 and prior are vulnerable.