CVE-2011-2892

Published: Jul 27, 2011Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

Affected (20)

Products: Joomla: Joomla!

Joomla

1 product

Joomla!

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Joomla Joomla!	Version 1.6.0
Joomla Joomla!	Version 1.6.1
Joomla Joomla!	Version 1.6 alpha2
Joomla Joomla!	Version 1.6 alpha
Joomla Joomla!	Version 1.6 beta10
Joomla Joomla!	Version 1.6 beta11
Joomla Joomla!	Version 1.6 beta12
Joomla Joomla!	Version 1.6 beta13
Joomla Joomla!	Version 1.6 beta14
Joomla Joomla!	Version 1.6 beta15
Joomla Joomla!	Version 1.6 beta1
Joomla Joomla!	Version 1.6 beta2
Joomla Joomla!	Version 1.6 beta3
Joomla Joomla!	Version 1.6 beta4
Joomla Joomla!	Version 1.6 beta5
Joomla Joomla!	Version 1.6 beta6
Joomla Joomla!	Version 1.6 beta7
Joomla Joomla!	Version 1.6 beta8
Joomla Joomla!	Version 1.6 beta9
Joomla Joomla!	Version 1.6 rc1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://bl0g.yehg.net/2011/04/joomla-161-and-lower-information.html

Source: cve@mitre.org

Exploit

http://developer.joomla.org/security/news/347-20110409-core-clickjacking.html

Source: cve@mitre.org

http://bl0g.yehg.net/2011/04/joomla-161-and-lower-information.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://developer.joomla.org/security/news/347-20110409-core-clickjacking.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.