CVE-2010-1649: Joomla! vulnerable to Cross-site Scripting

May 14, 2022 (updated April 12, 2025)

Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to “various administrator screens,” possibly the search parameter in administrator/index.php.

References

github.com/advisories/GHSA-fj57-vhrc-73r7
nvd.nist.gov/vuln/detail/CVE-2010-1649
web.archive.org/web/20200228225430/https://www.securityfocus.com/bid/40444

Code Behaviors & Features

Detect and mitigate CVE-2010-1649 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →