Cross-Site Scripting Vulnerability in Joomla! Beamospetition Component
CVE-2009-0378

Currently unrated

Key Information:

Vendor: Joomla
Status: Com Beamospetition
Vendor: CVE Published:; 2 February 2009

Summary

The Beamospetition component for Joomla! contains a cross-site scripting (XSS) vulnerability located in the index.php file. This flaw allows remote attackers to manipulate the pet parameter during a sign action, potentially leading to the injection of arbitrary web scripts or HTML. If exploited, this could allow attackers to execute malicious scripts in the context of a user's browser, compromising user sessions or redirecting users to untrusted sites.

References

http://www.securityfocus.com/archive/1/500250/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://www.exploit-db.com/exploits/7847

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/33391

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Feb 2, 2009
Vulnerability Reserved
Feb 2, 2009