Unrated severityNVD Advisory· Published Jun 5, 2009· Updated Jun 16, 2026
CVE-2009-1940
CVE-2009-1940
Description
Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
13cpe:2.3:a:joomla:joomla:1.5:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:joomla:joomla:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla:1.5.9:*:*:*:*:*:*:*
- (no CPE)range: <=1.5.10
Patches
Vulnerability mechanics
References
7- developer.joomla.org/security/news/295-20090601-core-comusers-xss.htmlnvdPatchVendor Advisory
- osvdb.org/54869nvdPatch
- www.securityfocus.com/bid/35189nvdExploitPatch
- secunia.com/advisories/35278nvdVendor Advisory
- www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.htmlnvd
- www.vupen.com/english/advisories/2009/1497nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/50924nvd
News mentions
0No linked articles in our index yet.