com_jm-recommend Cross Site Scripting Vulnerabilities

vendor:

com_jm-recommend

by:

Pyske

7.5

CVSS

HIGH

Cross Site Scripting

CWE

Product Name: com_jm-recommend

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

com_jm-recommend Cross Site Scripting Vulnerabilities

Joomla Component com_jm-recommend is vulnerable to Cross Site Scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the vulnerable parameter Itemid and execute it in the browser of an unsuspecting user. This can be used to steal user credentials or perform other malicious actions.

Mitigation:

Input validation should be used to filter out malicious characters.

Source

Exploit-DB raw data:

# Exploit Title: com_jm-recommend Cross Site Scripting Vulnerabilities
# Date: 27:12:2009
# Author: Pyske

###########################################################################

Joomla Component com_jm-recommend Cross Site Scripting Vulnerabilities
###########################################################################

# Author : Pyske
# Name : com_jm-recommend
# Home : www.cyber-warrior.org
# Greetz : Fl0riX , M-K-A , F0RTS3V3N , 3KB3R and ALL Cyber-Warrior

# Bug Type : Cross Site Scripting
# Infection : Yönetici ve User cookiekleri calinabilir.
# Bug Fix Advice : Zararl&#305; karakterler filtrelenmelidir.

# Demo Vuln. : http://server/index.php?option=com_jm-recommend&Itemid= [XSS CODE]


# Example : http://server/index.php?option=com_jm-recommend&Itemid= [ XSS Code ]

#############################################################

< ------------------- header data end of ------------------- >


< -- bug code start -- >


">


< -- bug code end of -- >