Unrated severityNVD Advisory· Published Jun 5, 2009· Updated Apr 23, 2026

CVE-2009-1939

Description

Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML.

Vulnerability

The JA_Purity template for Joomla! 1.5.x through 1.5.10 contains a cross-site scripting (XSS) vulnerability. The exact vector is unspecified, but it is a core template issue. Affected versions: Joomla! 1.5.x up to 1.5.10. [1]

Exploitation

An attacker can exploit this by injecting arbitrary web script or HTML via unspecified vectors. No authentication is required; the attacker only needs to trick a user into interacting with a crafted link or content. [1]

Impact

Successful exploitation allows the attacker to execute arbitrary script in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. [1]

Mitigation

Upgrade to Joomla! 1.5.11, which was released on June 5, 2009, and fixes this vulnerability. Users are strongly encouraged to upgrade immediately. [1]

References

Joomla 1.5.11 Security Release Now Available

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Joomla/Joomla!14 versions
cpe:2.3:a:joomla:joomla:1.5.0_beta:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:joomla:joomla:1.5.0_beta:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.0_beta1:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.0_beta2:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.0_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.9:*:*:*:*:*:*:*
Joomla/ja_purityllm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/35189nvdExploitPatch
developer.joomla.org/security/news/296-20090602-core-japurity-xss.htmlnvdVendor Advisory
secunia.com/advisories/35278nvdVendor Advisory
osvdb.org/54870nvd
www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.htmlnvd
www.vupen.com/english/advisories/2009/1497nvd
exchange.xforce.ibmcloud.com/vulnerabilities/50922nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000