CVE-2011-2509 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component as demonstrated by the filter_order parameter to index.php; (3) the query string to the com_newsfeeds component as demonstrated by an arbitrary parameter to index.php; or (4) the option parameter in a reset.request action to index.php; and when Internet Explorer or Konqueror is used (5) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component.

Reference

http://developer.joomla.org/security/news/352-20110604-xss-vulnerability.html http://www.openwall.com/lists/oss-security/2011/06/28/4 http://www.openwall.com/lists/oss-security/2011/06/29/12 http://yehg.net/lab/pr0js/advisories/joomla/core/[joomla_1.6.3]_cross_site_scripting(XSS)