CVE-2011-2710
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component. NOTE: vector 2 exists because of an incomplete fix for CVE-2011-2509.5.
We have discovered 269,324 live websites that are affected by CVE-2011-2710.
Affected Software
| Product |  Joomla |
| Category | Content Management System |
| Vulnerable Domains | 269,324 live websites (96.96% of Joomla install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 5 versions ( 2.98% of all versions) |
Details
- Published - Jul 28, 2011
- Updated - Aug 6, 2024
CVE References
CVE-2011-2710 usage by Country
 United States | 15,650 websites |
 Italy | 66,475 websites |
 Australia | 24,778 websites |
 GB | 16,650 websites |
 Germany | 13,922 websites |
 Russia | 13,653 websites |
 Poland | 12,647 websites |
 Netherlands | 11,490 websites |
 Iran | 9,178 websites |
 South Africa | 8,919 websites |
CVE-2011-2710 usage by TLD
| .com | 65,530 websites |
| .it | 43,653 websites |
| .com.au | 17,023 websites |
| .ru | 11,702 websites |
| .pl | 9,044 websites |
| .co.uk | 8,967 websites |
| .org | 7,412 websites |
| .nl | 6,830 websites |
| .de | 6,636 websites |
| .net | 5,799 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2011-2710
Top websites that are affected by CVE-2011-2710. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****************.de | Germany | *,*** | |
| *******.**.ca |  Canada | *,*** | |
| **************.********.com | United States | **,*** | |
| ***********.com | Italy | **,*** | |
| ***********.**.za | South Africa | **,*** | |
| ********.com |  Serbia | **,*** | |
| ***************.com | Italy | **,*** | |
| ********.com | United States | **,*** | |
| *********.com | GB | **,*** | |
| *****.**.uk | GB | **,*** |
References
- http://developer.joomla.org/security/news/357-20110701-xss-vulnerability.html
- http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.7.0-rc%5D_cross_site_scripting%28XSS%29
- http://www.openwall.com/lists/oss-security/2011/11/21/27
- http://www.openwall.com/lists/oss-security/2011/07/22/5
- http://www.openwall.com/lists/oss-security/2011/07/22/1
- http://www.openwall.com/lists/oss-security/2011/10/16/1