Joomla Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2011-2509

Multiple cross-site scripting (XSS) vulnerabilities in Joomla before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component as demonstrated by the Itemid parameter to index.php (2) the query string to the com_content component as demonstrated by the filter_order parameter to index.php (3) the query string to the com_newsfeeds component as demonstrated by an arbitrary parameter to index.php or (4) the option parameter in a reset.request action to index.php and when Internet Explorer or Konqueror is used (5) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component.