Total: 44 results found.
Search Keyword vulnerability
Page 2 of 3
Joomla Commentator 1.1b3, a Joomla commenting plugin, suffers from an XSS vulnerability in its "title" field that enables attackers to possibly run scripts as an administrator. title"/onmouseover="alert(/xss/.source) Timeline ...
Jeff, thank you for your help in resolving this issue for me. I still don't think the whole how-to should have been posted, but I do agree with making people aware that there IS a vulnerability. Now that ...
When the developer doesn't care to fix it, is it better to know a vulnerability exists, or to be in the dark and let someone else find it? Take a look yourself: this was posted in April 2009, and an ...
It's one thing to say, hey, there's a vulnerability here, I should let the developer know so they can fix it. It's another thing entirely to just post a step-by-step manual on how to exploit the vulnerability, ...
The Joomla component AWD Wall 1.5 suffers from an SQL Injection vulnerability in its handling of the 'cbuser' parameter. ?option=com_awdwall&view=awdwall&cbuser=62 and 1=1 limit 1 -- ' ?option=com_awdwall&view=awdwall&cbuser=62 ...
... IMG Tag Injection This is basically the IMG Tag injection above with a twist: using nested tags to achieve the injection. This is based off the vulnerability found by Julian A. Rodriguez affecting Phorum. ...
The Joomla component EasyBook 2.0.0rc4 suffers from multiple persistent XSS vulnerabilities. One seems fairly critical, while the others would take some incredible creativity to actively exploit. BBCode ...
The Joomla component ccBoard 1.1-RC suffers from a Cross Site Scripting vulnerability if certain conditions are met. The forum must be set up to use the internal HTML editor and not bbCode. This is the ...
... in the page twice. "><script>alert(document.cookie)</script><b f=" AIM Profile Field XSS This vulnerability has a limited number of characters, but this will inject ...
The Joomla component Rapid Forum suffers from a persistent XSS vulnerability. This vulnerability is pretty easy to exploit, as Rapid Forum does absolutely no validation or encoding whatsoever. <script>alert(document.cookie)</script> Timeline ...
The Simplest Forum BBCode Plugin 1.0.0 Beta 2 for Joomla suffers from a persistent XSS vulnerability that allows arbitrary injections of CSS rules. [color=#FF0000;font-size:100px]XSS[/color] Timeline ...
The Joomla component Testimonial Ku 2.0 is vulnerable to persistent XSS in the administrator panel. A malicious user can submit a testimonial containing <script> tags with absolutely no quotes and ...
... XSS vulnerability executes in the administrator area as well. [color] BBCode Tag XSS [color=red;font-size:expression(alert(String.fromCharCode(88,83,83)))]XSS[/color] This XSS vulnerability executes ...
... is coupled with an SQL injection vulnerability introduced by a third party script, it would be trivial for an attacker to take control of an administrative account on the victim's site. The process would ...
Textpattern 4.0.8, a PHP based CMS, has a unique approach to allowing user styled input: Textile. This BBCode-type markup allows users to easily style comments. It is also vulnerable to XSS. A few ...
The Joomla component Joo!BB 0.9.1 suffers from multiple persistent XSS vulnerabilities in its BBCode implementation, as well as Blind SQL Injection in its search feature. Nested [img] XSS [img] ...
The Joomla component Agora 3.0.0 RC1 Rev.4 suffers from a Persistent XSS vulnerability. This can be exploited by uploading a malicious SWF file as an attachment then embedding it using the [swf] BBCode ...
Well, another XSS vulnerable BBCode implementation, this time on JTag Ticketing System. This is the exact same vulnerability I posted about earlier concerning WebAmoeba. [url=javascript:alert('xss ...
The Joomla component uddeIM is vulnerable to XSS injection in its BBCode implementation. Extra CSS parameters can be passed inside the [color] tag, and Internet Explorer versions before 8 will run scripts ...
Here's a rather nasty persistent XSS vulnerability I found today in Kunena Forums. Using nested [img] tags, it is possible to inject script into the forums. Here are some important highlights about ...

The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.
