com_webcamxp Cross Site Scripting Vulnerabilities

vendor:

com_webcamxp

by:

Pyske

7.5

CVSS

HIGH

Cross Site Scripting

CWE

Product Name: com_webcamxp

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

com_webcamxp Cross Site Scripting Vulnerabilities

Joomla Component com_webcamxp is vulnerable to Cross Site Scripting. An attacker can exploit this vulnerability to steal administrator and user cookies. The vulnerability can be exploited by injecting malicious code in the URL parameter 'Itemid'. The malicious code can be executed when the URL is accessed by an authenticated user.

Mitigation:

Input validation should be used to filter out malicious characters.

Source

Exploit-DB raw data:

# Exploit Title: com_webcamxp Cross Site Scripting Vulnerabilities
# Date: 27:12:2009
# Author: Pyske



< ------------------- header data start ------------------- >

###########################################################################
Joomla Component com_webcamxp Cross Site Scripting Vulnerabilities
###########################################################################
# Author : Pyske
# Name : com_webcamxp
# Home : www.cyber-warrior.org
# Greetz : Fl0riX , M-K-A , F0RTS3V3N , 3KB3R and ALL Cyber-Warrior

# Bug Type : Cross Site Scripting
# Infection : Yönetici ve User cookiekleri calinabilir.

# Bug Fix Advice : Zararl&#305; karakterler filtrelenmelidir.
# Demo Vuln. : http://server/nw/index.php?option=com_webcamxp&Itemid= [XSS CODE]

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >
">
< -- bug code end of -- >