header-logo
Suggest Exploit
vendor:
JoomlaXi
by:
3psil0nLambDa a.k.a Karthik
7.5
CVSS
HIGH
Persistent XSS
79
CWE
Product Name: JoomlaXi
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

JoomlaXi persistent XSS vulnerabilty

The vulnerability exists in the Event module in the front end of JoomlaXi. An attacker can inject malicious code, such as the example given, to execute arbitrary JavaScript code on the victim's browser.

Mitigation:

To mitigate this vulnerability, the vendor should sanitize user input and implement proper output encoding to prevent the execution of malicious JavaScript code.
Source

Exploit-DB raw data:

1.JoomlaXi persistent XSS vulnerabilty
  vendor: www.joomlaxi.com
  Author: 3psil0nLambDa a.k.a Karthik
  Email:  Karthik.cupid@gmail.com
  My blog: epsilonlambda.co.cc
  Google dork: © 2008-2010 JoomlaXi.

------------------------------------------------------------------------------------------------------------------------------------------------------------

Description about the CMS

JoomlaXi enrich web applications that facilitate interactive information sharing, interoperability, user-centered design, and collaboration on the World Wide Web.We are committed to develop most demanded and required applications in the field of Open Source. JoomlaXi was founded for breaking new ground and giving best solution to this world.

JoomlaXi works in a specific approach as:

Research the demand of Public in the field of Open Source;
Provide them user friendly solutions to reach among those demands;
Develop Software Products with the best assurance of services and support.

JoomlaXi, A team since 2009, breaking its own limits every time has a large list of satisfied customers. Team has young, dynamic & talented team that drives the company passionately towards its goal.


  
------------------------------------------------------------------------------------------------------------------------------------------------------------
* Persistent XSS vulnerability

Event module in the front end,  persistent XSS vulnerability

Exploit: "><IFRAME SRC="javascript:alert('XSS');"></IFRAME>

Example: Front end demo-> markmessier->events-> type the above tags in the input fields and save the event-> View profile 

you ll see a pop up ;) \m/


------------------------------------------------------------------------------------------------------------------------------------------------------------

Thanks to side-effects for his valuable guidance and greets to taashu for her love and support.

Navigation

Suggest Exploit

Services By CQR