CVE-2009-1939

Published: Jun 5, 2009Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected (14)

Products: Joomla: Joomla

1 product

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Joomla Joomla	Version 1.5.0_beta1
Joomla Joomla	Version 1.5.0_beta2
Joomla Joomla	Version 1.5.0_beta
Joomla Joomla	Version 1.5.0_rc1
Joomla Joomla	Version 1.5.10
Joomla Joomla	Version 1.5.1
Joomla Joomla	Version 1.5.2
Joomla Joomla	Version 1.5.3
Joomla Joomla	Version 1.5.4
Joomla Joomla	Version 1.5.5
Joomla Joomla	Version 1.5.6
Joomla Joomla	Version 1.5.7
Joomla Joomla	Version 1.5.8
Joomla Joomla	Version 1.5.9

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (14)

http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html

Source: cve@mitre.org

Vendor Advisory

http://osvdb.org/54870

Source: cve@mitre.org

http://secunia.com/advisories/35278

Source: cve@mitre.org

Vendor Advisory

http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/35189

Source: cve@mitre.org

ExploitPatch

http://www.vupen.com/english/advisories/2009/1497

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/50922

Source: cve@mitre.org

http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://osvdb.org/54870

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35278

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/35189

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://www.vupen.com/english/advisories/2009/1497

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/50922

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.