CVE-2010-3712

Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to index.php in the com_weblinks or com_content component.

Published: Oct 28, 2010
Updated: Nov 9, 2025
CVE: CVE-2010-3712
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
Joomla / joomla	1.5.11	1.5.11.x
Joomla / joomla	1.5.13	1.5.13.x
Joomla / joomla	1.5.3	1.5.3.x
Joomla / joomla	1.5.2	1.5.2.x
Joomla / joomla	1.5.9	1.5.9.x
Joomla / joomla	1.5.18	1.5.18.x
Joomla / joomla	1.5.16	1.5.16.x
Joomla / joomla	1.5.4	1.5.4.x
Joomla / joomla	1.5.10	1.5.10.x
Joomla / joomla	1.5.7	1.5.7.x
Joomla / joomla	1.5.0	1.5.0.x
Joomla / joomla	1.5.15	1.5.15.x
Joomla / joomla	1.5.6	1.5.6.x
Joomla / joomla	1.5.1	1.5.1.x
Joomla / joomla	1.5.17	1.5.17.x
Joomla / joomla	1.5.8	1.5.8.x
Joomla / joomla	1.5.19	1.5.19.x
Joomla / joomla	1.5.12	1.5.12.x
Joomla / joomla	1.5.5	1.5.5.x
Joomla / joomla	1.5.20	1.5.20.x
Joomla / joomla	1.5.15-rc	1.5.15-rc.x
Joomla / joomla	1.5.14	1.5.14.x

Vulnerability Database

314,343

CVE-2010-3712

Deep Security Visibility Without the Complexity