Cross-Site Scripting Vulnerability in Joomla BSQ Sitestats by Joomla
CVE-2006-7125

Currently unrated

Key Information:

Vendor: Joomla
Status: Bsq Sitestats
Vendor: CVE Published:; 6 March 2007

What is CVE-2006-7125?

The Joomla BSQ Sitestats plugin suffers from a cross-site scripting (XSS) vulnerability that permits remote attackers to inject arbitrary web scripts or HTML. This exploitation occurs via the HTTP Referer header, which is inadequately processed when administrators access site statistics. Such vulnerabilities can lead to significant security risks, including session hijacking or defacement of the targeted site.

References

http://www.vupen.com/english/advisories/2006/4090

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/20614

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/449125/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2007
Vulnerability Reserved
Mar 5, 2007

JSON