Cross-Site Scripting Vulnerabilities in HM Community Component for Joomla!
CVE-2011-4809

Currently unrated

Key Information:

Vendor: Joomlaextensions
Status: Com Hmcommunity
Vendor: CVE Published:; 14 December 2011

🔔 Create Joomlaextensions Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2011-4809?

The HM Community component for Joomla! is susceptible to multiple cross-site scripting vulnerabilities that enable remote attackers to inject arbitrary web scripts or HTML. This exploitation can occur through various parameters during a save task for user profiles, including language, university, present, company_name, designation, music, books, movies, games, syp, ft, and fa, thereby compromising user data and website integrity.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2011-4809 - Proof of Concept

References

http://joomlaextensions.co.in/index.php?option=com_jeshop...

x_refsource_MISC

http://secunia.com/advisories/46656

third-party-advisoryx_refsource_SECUNIA

http://www.osvdb.org/76726

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
🟡
Public PoC available
Dec 14, 2011
👾
Exploit known to exist
Dec 14, 2011
Vulnerability published
Dec 14, 2011

CVE-2011-4809 Data

JSON