CVE-2011-2509

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, as demonstrated by the filter_order parameter to index.php; (3) the query string to the com_newsfeeds component, as demonstrated by an arbitrary parameter to index.php; or (4) the option parameter in a reset.request action to index.php; and, when Internet Explorer or Konqueror is used, (5) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component.

We have discovered 195,642 live websites that are affected by CVE-2011-2509.

Run a Free Instant Scan



Affected Software

Product  Joomla
Category Content Management System
Vulnerable Domains195,642 live websites (95% of Joomla install base)
Vulnerable Versions
  • from 0 through 1.6.4
Vulnerable Versions Count1 versions ( 0.97% of all versions)



Details

  • Published - Jul 27, 2011
  • Updated - Sep 16, 2024

Website Distribution by Country

Number of websites using CVE-2011-2509
United States14,486 websites


Italy51,181 websites
Russia13,611 websites
GB12,086 websites
Poland11,933 websites
Germany10,934 websites
Netherlands8,337 websites
Australia6,542 websites
South Africa6,336 websites
France4,738 websites

Website Distribution by TLD

Number of websites using CVE-2011-2509
.com48,426 websites
.it33,475 websites
.ru11,465 websites
.pl8,465 websites
.org6,193 websites
.co.uk5,791 websites
.nl5,728 websites
.de5,403 websites
.com.au4,672 websites
.net4,423 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2011-2509

Top websites that are affected by CVE-2011-2509. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
*****************.de Germany*,***
*******.**.ca Canada*,***
***********.**.za South Africa**,***
**************.se Sweden**,***
***************.com Italy**,***
*********.com GB**,***
*****.**.uk GB**,***
************.com Germany**,***
*********************.com United States**,***
****.pl Poland**,***
See full domain list

FAQ

A total of 195,642 websites have been identified as vulnerable to CVE-2011-2509, based on global website indexing conducted by WebTechSurvey.
The Joomla is affected by the CVE-2011-2509 vulnerability.
Joomla versions up to and including 1.6.4 are vulnerable to CVE-2011-2509.