The Joomla component Rapid Forum suffers from a persistent XSS vulnerability.

<script>alert(document.cookie)</script>

Timeline

• Vulnerabilities Discovered: 31 July 2009
• Vendor Notified: 31 July 2009
• Vendor Response: ... 2009
• Update Available: ... 2009
• Disclosure: 17 September 2009

The Simplest Forum BBCode Plugin 1.0.0 Beta 2 for Joomla suffers from a persistent XSS vulnerability that allows arbitrary injections of CSS rules.

[color=#FF0000;font-size:100px]XSS[/color]

Timeline

• Vulnerabilities Discovered: 31 July 2009
• Vendor Notified: 31 July 2009
• Vendor Response: ... 2009
• Update Available: ... 2009
• Disclosure: 17 September 2009

The Joomla component Testimonial Ku 2.0 is vulnerable to persistent XSS in the administrator panel. A malicious user can submit a testimonial containing <script> tags with absolutely no quotes and inject that script into the administrator panel through any of the available inputs except "email".

Fake Submission<script>alert(document.cookie)</script>

Now, when an administrator views the latest submissions, the script will execute with that admin's permissions.

Timeline

• Vulnerabilities Discovered: 31 July 2009
• Vendor Notified: 31 July 2009
• Vendor Response: ... 2009
• Update Available: ... 2009
• Disclosure: 17 September 2009

MS Comment 0.8.0b for Joomla, a commenting plugin, suffers from an multiple vulnerabilities.

1. Captcha Cracking

   The submission uses AJAX and fails to reset the captcha after a submission. Read once, write many.

2. Website Input XSS

   The 'Website' input field is checked for html markup, but fails to sanitize extra parameters.

   " onmouseover="alert(String.fromCharCode(88,83,83))

   " style="color:expression(alert(String.fromCharCode(88,83,83)))

   Timeline

   • Vulnerabilities Discovered: 31 July 2009
   • Vendor Notified: 31 July 2009
   • Vendor Response: ... 2009
   • Update Available: ... 2009
   • Disclosure: 17 September 2009