The Joomla component Ninjaboard 0.5.0beta suffers from multiple persistent XSS vulnerabilities in its BBCode implementation, as well as a minor CSRF vulnerability and a minor Path Disclosure vulnerability.
XSS 1: Nested [img] Tags
Requires minimal user interaction
XSS 3: CSS Injection
XSS 4: Nested [url] Tags
Requires minimal user interaction, displays indications of malware, but still technically exploitable.
CSRF: [img] Tags
Path Disclosure: Profile View 'id' parameter
Passing non-numeric values for the 'id' parameter of the profile page results in a Fatal Error, which reveals the full path to components/com_ninjaboard/models/profile.php.
These issues are fixed in the latest release, and users are urged to upgrade.
- Vulnerabilities Discovered: 14 July 2009
- Vendor Notified: 16 July 2009
- Vendor Response: 16 July 2009
- Update Available: 2009
- Disclosure: 15 November... 2009
The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.