Joomla Component Card View JX XSS Vulnerabilities
by: Valentin Hoebel
CVSS: 7.5 (HIGH)
Type: XSS
CWE: 79
Product Name: Joomla Component Card View JX XSS Vulnerabilities
Affected Version From: all
Affected Version To: all
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2010

Joomla Component Card View JX XSS Vulnerabilities

The vulnerability exists due to insufficient sanitization of user-supplied input passed to the 'data_search' and 'rpp' parameters of 'index.php?option=com_grid'. A remote attacker can execute arbitrary HTML and script code in a victim's browser in the context of the vulnerable website.

Mitigation:

Update to the latest version of the Joomla Component Card View JX.
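
An added example, not part of the advisory or the component's code: a Python triage check that scans web-server access logs for com_grid requests whose data_search or rpp value decodes to HTML metacharacters. The log lines are constructed, and the combined log format and the function names are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

WATCHED = ("data_search", "rpp")   # parameters named in the advisory
MARKUP = re.compile(r"[<>\"']")    # characters needed to leave text/attribute context
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def flagged_params(url):
    """Names of watched com_grid parameters whose decoded value carries markup."""
    # The advisory's second URL has a stray "?" inside the query string, so
    # treat "?" as a separator too; otherwise data_search hides inside gid.
    query = urlsplit(url).query.replace("?", "&")
    pairs = parse_qsl(query, keep_blank_values=True)
    if ("option", "com_grid") not in pairs:
        return []
    hits = []
    for name, value in pairs:
        # parse_qsl decodes once; unquote again to catch double encoding.
        if name in WATCHED and name not in hits and MARKUP.search(unquote(value)):
            hits.append(name)
    return hits

def scan(lines):
    """Return (client, url, params) for each log line worth triaging."""
    found = []
    for line in lines:
        m = REQUEST.match(line)
        if m and (params := flagged_params(m.group(2))):
            found.append((m.group(1), m.group(2), params))
    return found

# Constructed sample lines (documentation IP range), harmless <b>/<i> markers only.
SAMPLE_LOG = """\
198.51.100.7 - - [01/May/2010:10:00:00 +0000] "GET /index.php?option=com_grid&gid=15_ok_0&data_search=cards&rpp=10 HTTP/1.1" 200 5120
198.51.100.9 - - [01/May/2010:10:00:05 +0000] "GET /index.php?option=com_grid&gid=15_ok_0&data_search=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5200
198.51.100.9 - - [01/May/2010:10:00:09 +0000] "GET /index.php?option=com_grid&gid=15_ok_0?data_search=&rpp=%22%3E%3Ci%3E HTTP/1.1" 200 5200
198.51.100.3 - - [01/May/2010:10:01:00 +0000] "GET /index.php?option=com_content&data_search=%3Cb%3E HTTP/1.1" 200 100
""".splitlines()

if __name__ == "__main__":
    for client, url, params in scan(SAMPLE_LOG):
        print(client, params, url)
```

Quote characters also occur in ordinary search terms, so treat hits as leads for review rather than confirmed attempts.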

Exploit-DB raw data:

[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
>> General Information 
Advisory/Exploit Title = Joomla Component Card View JX XSS Vulnerabilities
Author = Valentin Hoebel
Contact = valentin@xenuser.org


[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
>> Product information
Name = Joomla Component Card View JX XSS Vulnerabilities
Vendor = Tools JX
Vendor Website = http://www.toolsjx.com
Affected Version(s) = all

 
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
>> #1 Vulnerability
Type = XSS
index.php?option=com_grid&gid=15_ok_0',%20'15_ok_0&data_search=[XSS]
index.php?option=com_grid&gid=15_ok_0',%20'15_ok_0?data_search=&rpp=[XSS]


[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
>> Additional Information
Advisory/Exploit Published = 01.05.2010


[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
>> Misc
Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!
<3 packetstormsecurity.org!


[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]