JComments 2.2.0.0 suffers from a persistent XSS vulnerability in the way it handles certain BBCodes. If [url] and [img] tags are available, the following malformed BBCode will result in code execution: ...

... are all patched in the latest (4.1.7 at the time of this writing). Malformed BBCode Persistent XSS, #1 a[img]b[img]c[/img]d[/img]e a[url=http://jeffchannell.com]b[img]c=''/style='position:absolute;top:-1px;left:-1px;width:999em;height:999em'/onmouseover='location.href=String.fromCharCode(104,116,116,112,58,47,47,106,101,102,102,99,104,97,110,110,101,108,108,46,99,111,109)'/[/url]d[/img]e Malformed ...

Compojoom, developers of CompojoomComment, opened up a contest to hack their comment component. After being alerted to the contest by my good friend Lafrance, I took a peek and had a working XSS exploit ...

The Joomla component Ninjaboard 0.5.0beta suffers from multiple persistent XSS vulnerabilities in its BBCode implementation, as well as a minor CSRF vulnerability and a minor Path Disclosure vulnerability. ...

... select 1,2,VERSION(),4,5,6,7,8,9,10,11,12 -- [img] BBCode [color] Tag XSS [color=red;xss:expression(window.r?0:(alert(String.fromCharCode(88,83,83)),window.r=1))]XSS[/color] [url] BBCode [img] ...

Joomla Commentator 1.1b3, a Joomla commenting plugin, suffers from an XSS vulnerability in its "title" field that enables attackers to possibly run scripts as an administrator. title"/onmouseover="alert(/xss/.source) Timeline ...

I figured I'd do a little blog posting about finding and exploiting XSS vulnerabilities in BBCode implementations. Not many sources exist for this type of information, and certainly none exist that I am ...

The Joomla component EasyBook 2.0.0rc4 suffers from multiple persistent XSS vulnerabilities. One seems fairly critical, while the others would take some incredible creativity to actively exploit. BBCode ...

... default setting upon install. To execute, simply post a new message. Either toggle the editor to 'off' or use the HTML Source editing button, insert your JavaScript, and submit! <script>alert('xss');</script> The ...

The Joomla component F!BB 1.5.96 RC suffers from multiple persistent XSS vulnerabilities, as well SQL Injection in its user search feature. ICQ, MSN Profile Fields XSS The MSN field will be rendered ...

The Joomla component Rapid Forum suffers from a persistent XSS vulnerability. This vulnerability is pretty easy to exploit, as Rapid Forum does absolutely no validation or encoding whatsoever. <script>alert(document.cookie)</script> Timeline ...

The Simplest Forum BBCode Plugin 1.0.0 Beta 2 for Joomla suffers from a persistent XSS vulnerability that allows arbitrary injections of CSS rules. [color=#FF0000;font-size:100px]XSS[/color] Timeline ...

The Joomla component Testimonial Ku 2.0 is vulnerable to persistent XSS in the administrator panel. A malicious user can submit a testimonial containing <script> tags with absolutely no quotes and ...

... write many. Website Input XSS The 'Website' input field is checked for html markup, but fails to sanitize extra parameters. " onmouseover="alert(String.fromCharCode(88,83,83)) " style="color:expression(alert(String.fromCharCode(88,83,83))) Timeline ...

!JoomlaComment 4.0 beta1, a commenting plugin, suffers from multiple XSS vulnerabilities. Website Input XSS The 'Website' input field is checked for html markup, but fails to sanitize extra parameters. ...

As I reported earlier, I was interviewed in the not too recent past concerning XSS security and Joomla. I am proud to say that the interview has been posted on CMSWire, with a prominent back link to yours ...

Textpattern 4.0.8, a PHP based CMS, has a unique approach to allowing user styled input: Textile. This BBCode-type markup allows users to easily style comments. It is also vulnerable to XSS. A few ...

The Joomla component Joo!BB 0.9.1 suffers from multiple persistent XSS vulnerabilities in its BBCode implementation, as well as Blind SQL Injection in its search feature. Nested [img] XSS [img]http://foo.com/fake.png ...

Recently, I was asked a couple of questions about Joomla security by a member of the Joomla Chicago CMS Group concerning XSS vulnerabilities. The Q&A hasn't been posted yet, but there's a bit of a preview ...

The Joomla component Agora 3.0.0 RC1 Rev.4 suffers from a Persistent XSS vulnerability. This can be exploited by uploading a malicious SWF file as an attachment then embedding it using the [swf] BBCode ...