CVE-2011-4809 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[] (2) university[] (3) persent[] (4) company_name[] (5) designation[] (6) music[] (7) books[] (8) movies[] (9) games[] (10) syp[] (11) ft[] and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information.

Reference

http://joomlaextensions.co.in/index.php?option=com_jeshop&view=category_detail&Itemid=118&id=38 http://secunia.com/advisories/46656 http://www.exploit-db.com/exploits/18050 http://www.osvdb.org/76726