Total: 34 results found.
Search Keyword: xss
Page 1 of 2
1.
(Code/Joomla!)
Joomla! versions before 3.5.0, including the 2.5.x series (likely all the way back to 1.6.0, no regression testing done) are vulnerable to reflective XSS: Joomla! 3.5.0 Reflective XSS ============================ http://[joomla ...
2.
(Code/Joomla!)
Now that 1.6.1 is officially released, I figured I'd go ahead and publish a few of the "sensitive" bugs I found in 1.6.0. So without further ado... Persistent XSS http://developer.joomla.org/security/news/331-20110204-core-xss-vulnerabilities Log ...
3.
(Code/Joomla!)
... and strips out any code that is not allowed. However, malformed html code can be used to bypass the filter and inject XSS code into user-supplied input. The following string bypasses JFilterInput's ...
4.
(Code/Joomla!)
The guys over at YGN posted a video today of a 0-day Joomla! 1.5.20 XSS flaw. I've taken a look and have a quick fix that should prevent exploitation. The flaw is in libraries/joomla/document/html/html.php, ...
5.
(Comments/All)
JoomlaWorks, I just tested the latest SVN and you managed to get the frontend XSS, however the Comments panel in administrator is still vulnerable to the Website field XSS... ...
6.
(Code/Joomla!)
K2 v2.3, the popular Joomla! CCK extension, suffers from persistent XSS vulnerabilities in its comment facility. Comment "Name" Field Persistent XSS " style="position:absolute;top:0px;left:0px;width:99em;height:99em" ...
7.
(Code/Joomla!)
JComments 2.2.0.0 suffers from a persistent XSS vulnerability in the way it handles certain BBCodes. If [url] and [img] tags are available, the following malformed BBCode will result in code execution: ...
8.
(Code/Joomla!)
... are all patched in the latest (4.1.7 at the time of this writing). Malformed BBCode Persistent XSS, #1 a[img]b[img]c[/img]d[/img]e a[url=http://jeffchannell.com]b[img]c=''/style='position:absolute;top:-1px;left:-1px;width:999em;height:999em'/onmouseover='location.href=String.fromCharCode(104,116,116,112,58,47,47,106,101,102,102,99,104,97,110,110,101,108,108,46,99,111,109)'/[/url]d[/img]e Malformed ...
9.
(Code/Joomla!)
Compojoom, developers of CompojoomComment, opened up a contest to hack their comment component. After being alerted to the contest by my good friend Lafrance, I took a peek and had a working XSS exploit ...
10.
(Code/Joomla!)
The Joomla component Ninjaboard 0.5.0beta suffers from multiple persistent XSS vulnerabilities in its BBCode implementation, as well as a minor CSRF vulnerability and a minor Path Disclosure vulnerability. ...
11.
(Code/Joomla!)
... select 1,2,VERSION(),4,5,6,7,8,9,10,11,12 -- [img] BBCode [color] Tag XSS [color=red;xss:expression(window.r?0:(alert(String.fromCharCode(88,83,83)),window.r=1))]XSS[/color] [url] BBCode [img] ...
12.
(Code/Joomla!)
Joomla Commentator 1.1b3, a Joomla commenting plugin, suffers from an XSS vulnerability in its "title" field that enables attackers to possibly run scripts as an administrator. title"/onmouseover="alert(/xss/.source) Timeline ...
13.
(Other/Other)
I figured I'd do a little blog posting about finding and exploiting XSS vulnerabilities in BBCode implementations. Not many sources exist for this type of information, and certainly none exist that I am ...
14.
(Code/Joomla!)
The Joomla component EasyBook 2.0.0rc4 suffers from multiple persistent XSS vulnerabilities. One seems fairly critical, while the others would take some incredible creativity to actively exploit. BBCode ...
15.
(Code/Joomla!)
... default setting upon install. To execute, simply post a new message. Either toggle the editor to 'off' or use the HTML Source editing button, insert your JavaScript, and submit! <script>alert('xss');</script> The ...
16.
(Code/Joomla!)
The Joomla component F!BB 1.5.96 RC suffers from multiple persistent XSS vulnerabilities, as well as SQL Injection in its user search feature. ICQ, MSN Profile Fields XSS The MSN field will be rendered ...
17.
(Code/Joomla!)
The Joomla component Rapid Forum suffers from a persistent XSS vulnerability. This vulnerability is pretty easy to exploit, as Rapid Forum does absolutely no validation or encoding whatsoever. <script>alert(document.cookie)</script> Timeline ...
18.
(Code/Joomla!)
The Simplest Forum BBCode Plugin 1.0.0 Beta 2 for Joomla suffers from a persistent XSS vulnerability that allows arbitrary injections of CSS rules. [color=#FF0000;font-size:100px]XSS[/color] Timeline ...
19.
(Code/Joomla!)
The Joomla component Testimonial Ku 2.0 is vulnerable to persistent XSS in the administrator panel. A malicious user can submit a testimonial containing <script> tags with absolutely no quotes and ...
20.
(Code/Joomla!)
... write many. Website Input XSS The 'Website' input field is checked for html markup, but fails to sanitize extra parameters. " onmouseover="alert(String.fromCharCode(88,83,83)) " style="color:expression(alert(String.fromCharCode(88,83,83))) Timeline ...

The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.
