4.3

CVE-2010-4405

Cross-site scripting (XSS) vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Anything-digitalSh404sef Version <= 2.1.7.761
Anything-digitalSh404sef Version1.5.2.255
Anything-digitalSh404sef Version1.5.3.296
Anything-digitalSh404sef Version1.5.4.302
Anything-digitalSh404sef Version1.5.5.388
Anything-digitalSh404sef Version1.5.6.398
Anything-digitalSh404sef Version1.5.7.407
Anything-digitalSh404sef Version1.5.8.432
Anything-digitalSh404sef Version1.5.9.434
Anything-digitalSh404sef Version1.5.10.446
Anything-digitalSh404sef Version1.5.11.459
Anything-digitalSh404sef Version1.5.12.464
Anything-digitalSh404sef Version2.0.0 Updaterc522
Anything-digitalSh404sef Version2.0.1.531
Anything-digitalSh404sef Version2.0.2.542
Anything-digitalSh404sef Version2.0.3.545
Anything-digitalSh404sef Version2.1.0.641
Anything-digitalSh404sef Version2.1.1.644
Anything-digitalSh404sef Version2.1.2.649
Anything-digitalSh404sef Version2.1.3.680
Anything-digitalSh404sef Version2.1.4.734
Anything-digitalSh404sef Version2.1.5.746
Anything-digitalSh404sef Version2.1.6.749
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.29% 0.49
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.