Cross-Site Scripting Vulnerability in Joomla! Beamospetition Component
CVE-2009-0378

Currently unrated

Key Information:

Vendor: Joomla
Status: Com Beamospetition
Vendor: CVE Published:; 2 February 2009

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2009-0378?

The Beamospetition component for Joomla! contains a cross-site scripting (XSS) vulnerability located in the index.php file. This flaw allows remote attackers to manipulate the pet parameter during a sign action, potentially leading to the injection of arbitrary web scripts or HTML. If exploited, this could allow attackers to execute malicious scripts in the context of a user's browser, compromising user sessions or redirecting users to untrusted sites.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-0378 - Proof of Concept

References

http://www.securityfocus.com/archive/1/500250/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://www.exploit-db.com/exploits/7847

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/33391

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Feb 2, 2009
👾
Exploit known to exist
Feb 2, 2009
Vulnerability published
Feb 2, 2009
Vulnerability Reserved
Feb 2, 2009

CVE-2009-0378 Data

JSON