jeffchannell.com

EasyBook 2.0.0rc4 Multiple XSS Vulnerabilities

Posted in Joomla!
2009-09-17 05:00:00 +0000 UTC

The Joomla component EasyBook 2.0.0rc4 suffers from multiple persistent XSS vulnerabilities. One seems fairly critical, while the others would take some incredible creativity to actively exploit.

  1. BBCode XSS

    Settings:

    • Allow BBCode - on (default)
    • Allow Pictures - on (not default)

    [img]fake.png" onerror="alert(String.fromCharCode(88,83,83))[/img]

  2. Website URL XSS

    Settings:

    • Show web site field: Show (default)

    foo.com" onmouseover="alert(String.fromCharCode(88,83,83));return false;

    Requires minimal user interaction.

  3. Skype/Yahoo Username XSS

    Very narrow scope, as entries are truncated. XSS still technically possible. Requires user interaction.

    ' onclick="alert('XSS')"
  4. AIM/MSN Username XSS

    Again, narrow scope. See 3.

    " onclick="alert('xss')"

    ICQ username is similar, but scope seems too narrow to exploit.
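
Every string above works by closing a quoted HTML attribute and starting a new one. The PHP below is an added example, not EasyBook's code: the hypothetical functions `attr`, `safe_url`, `render_img_unsafe` and `render_img_safe` show an unencoded `[img]` renderer beside one that encodes with `ENT_QUOTES` and accepts only absolute http(s) URLs (that URL policy is an assumption of the example).

```php
<?php
// Added illustration, not EasyBook source. All function names are hypothetical.

// Encode a value for use inside a quoted HTML attribute. ENT_QUOTES covers
// both " and ', the two delimiters the guestbook fields above break out of.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Return an attribute-safe URL, or null if the input is not acceptable.
// Assumed policy: absolute http(s) only, no quotes, brackets or whitespace.
function safe_url(string $raw): ?string
{
    $url = trim($raw);
    if (!preg_match('#^https?://[^\s"\'<>]+\z#i', $url)) {
        return null;
    }
    return attr($url);
}

// Vulnerable pattern: the tag body is copied into src="..." unencoded.
function render_img_unsafe(string $text): string
{
    return preg_replace('#\[img\](.*?)\[/img\]#is', '<img src="$1" alt="" />', $text);
}

// Hardened: encode the whole entry first, then rebuild only validated tags.
// A rejected tag is returned as its already-encoded source text.
function render_img_safe(string $text): string
{
    return preg_replace_callback(
        '#\[img\](.*?)\[/img\]#is',
        function (array $m): string {
            $url = safe_url(htmlspecialchars_decode($m[1], ENT_QUOTES));
            return $url === null ? $m[0] : '<img src="' . $url . '" alt="" />';
        },
        attr($text)
    );
}

// Inputs are the proof-of-concept strings listed on this page.
$img = '[img]fake.png" onerror="alert(String.fromCharCode(88,83,83))[/img]';
echo render_img_unsafe($img), "\n";   // vulnerable renderer
echo render_img_safe($img), "\n";     // hardened renderer, same input
echo render_img_safe('[img]http://example.com/a.png[/img]'), "\n";
var_dump(safe_url('foo.com" onmouseover="alert(String.fromCharCode(88,83,83));return false;'));
echo attr('\' onclick="alert(\'XSS\')"'), "\n";   // username field value
```

Comparing the first two output lines shows the difference: the unsafe renderer emits `onerror` as a separate attribute, while the hardened one emits the whole tag as encoded text.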

Timeline