Joomla Component com_facileforms Cross Site Scripting Vulnerabilities

vendor:

com_facileforms

by:

Pyske

7.5

CVSS

HIGH

Cross Site Scripting

CWE

Product Name: com_facileforms

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Joomla Component com_facileforms Cross Site Scripting Vulnerabilities

com_facileforms is a vulnerable Joomla component that allows attackers to inject malicious JavaScript code into the vulnerable parameter Itemid. This code is then executed in the browser of the victim when they visit the vulnerable page, allowing the attacker to steal the administrator and user cookies, leading to a full compromise of the website.

Mitigation:

Filter out malicious characters.

Source

Exploit-DB raw data:

< ------------------- header data start ------------------- >

###########################################################################
Joomla Component com_facileforms Cross Site Scripting Vulnerabilities
###########################################################################

# Author : Pyske


# Greetz : Fl0riX , M-K-A , F0RTS3V3N , 3KB3R ,BARCOD3 and ALL Cyber-Warrior


# Name : com_facileforms


# Bug Type : Cross Site Scripting


# Infection : Yönetici ve User cookiekleri calinabilir.


# Bug Fix Advice : Zararl&#305; karakterler filtrelenmelidir.


# Demo Vuln. : http://server/index.php?option=com_facileforms&Itemid=[XSS CODE]

#############################################################

< ------------------- header data end of ------------------- >


< -- bug code start -- >


">


< -- bug code end of -- >