Search

Total: 44 results found.
Search Keyword: vulnerability
Page 2 of 3
21.
(Code/Joomla!)
Joomla Commentator 1.1b3, a Joomla commenting plugin, suffers from an XSS vulnerability in its "title" field that enables attackers to possibly run scripts as an administrator. title"/onmouseover="alert(/xss/.source) Timeline ...
22.
(Comments/All)
Jeff, thank you for your help in resolving this issue for me. I still don't think the whole how-to should have been posted, but I do agree with making people aware that there IS a vulnerability. Now that ...
23.
(Comments/All)
When the developer doesn't care to fix it, is it better to know a vulnerability exists, or to be in the dark and let someone else find it? Take a look yourself: this was posted in April 2009, and an ...
24.
(Comments/All)
It's one thing to say, hey, there's a vulnerability here, I should let the developer know so they can fix it. It's another thing entirely to just post a step-by-step manual on how to exploit the vulnerability, ...
25.
(Code/Joomla!)
The Joomla component AWD Wall 1.5 suffers from an SQL Injection vulnerability in its handling of the 'cbuser' parameter. ?option=com_awdwall&view=awdwall&cbuser=62 and 1=1 limit 1 -- ' ?option=com_awdwall&view=awdwall&cbuser=62 ...
26.
(Other/Other)
... IMG Tag Injection This is basically the IMG Tag injection above with a twist: using nested tags to achieve the injection. This is based off the vulnerability found by Julian A. Rodriguez affecting Phorum. ...
27.
(Code/Joomla!)
The Joomla component EasyBook 2.0.0rc4 suffers from multiple persistent XSS vulnerabilities. One seems fairly critical, while the others would take some incredible creativity to actively exploit. BBCode ...
28.
(Code/Joomla!)
The Joomla component ccBoard 1.1-RC suffers from a Cross Site Scripting vulnerability if certain conditions are met. The forum must be set up to use the internal HTML editor and not bbCode. This is the ...
29.
(Code/Joomla!)
... in the page twice. "><script>alert(document.cookie)</script><b f=" AIM Profile Field XSS This vulnerability has a limited number of characters, but this will inject ...
30.
(Code/Joomla!)
The Joomla component Rapid Forum suffers from a persistent XSS vulnerability. This vulnerability is pretty easy to exploit, as Rapid Forum does absolutely no validation or encoding whatsoever. <script>alert(document.cookie)</script> Timeline ...
31.
(Code/Joomla!)
The Simplest Forum BBCode Plugin 1.0.0 Beta 2 for Joomla suffers from a persistent XSS vulnerability that allows arbitrary injections of CSS rules. [color=#FF0000;font-size:100px]XSS[/color] Timeline ...
32.
(Code/Joomla!)
The Joomla component Testimonial Ku 2.0 is vulnerable to persistent XSS in the administrator panel. A malicious user can submit a testimonial containing <script> tags with absolutely no quotes and ...
33.
(Code/Joomla!)
... XSS vulnerability executes in the administrator area as well. [color] BBCode Tag XSS [color=red;font-size:expression(alert(String.fromCharCode(88,83,83)))]XSS[/color] This XSS vulnerability executes ...
34.
(Code/Joomla!)
... is coupled with an SQL injection vulnerability introduced by a third party script, it would be trivial for an attacker to take control of an administrative account on the victim's site. The process would ...
35.
(Code/PHP)
Textpattern 4.0.8, a PHP based CMS, has a unique approach to allowing user styled input: Textile. This BBCode-type markup allows users to easily style comments. It is also vulnerable to XSS. A few ...
36.
(Code/Joomla!)
The Joomla component Joo!BB 0.9.1 suffers from multiple persistent XSS vulnerabilities in its BBCode implementation, as well as Blind SQL Injection in its search feature. Nested [img] XSS [img]http://foo.com/fake.png ...
37.
(Code/Joomla!)
The Joomla component Agora 3.0.0 RC1 Rev.4 suffers from a Persistent XSS vulnerability. This can be exploited by uploading a malicious SWF file as an attachment then embedding it using the [swf] BBCode ...
38.
(Code/Joomla!)
Well, another XSS vulnerable BBCode implementation, this time on JTag Ticketing System. This is the exact same vulnerability I posted about earlier concerning WebAmoeba. [url=javascript:alert('xss ...
39.
(Code/Joomla!)
The Joomla component uddeIM is vulnerable to XSS injection in its BBCode implementation. Extra CSS parameters can be passed inside the [color] tag, and Internet Explorer versions before 8 will run scripts ...
40.
(Code/Joomla!)
Here's a rather nasty persistent XSS vulnerability I found today in Kunena Forums. Using nested [img] tags, it is possible to inject script into the forums. Here are some important highlights about ...

The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.
