vendor: com_qpersonel
by: Pyske
CVSS: 7.5 HIGH
CWE: 79 (Cross Site Scripting)
Product Name: com_qpersonel
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Joomla Component com_qpersonel Cross Site Scripting Vulnerabilities

com_qpersonel is a Joomla component that is vulnerable to Cross Site Scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the 'personel_sira' parameter of the 'index.php' script. This code will be executed in the browser of the victim when they visit the vulnerable page. The malicious code can be used to steal the administrator and user cookies, which can then be used to gain access to the Joomla website.

Mitigation:

Input validation should be used to filter out malicious characters.
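
The mitigation above, sketched as an added example (plain PHP, not the component's own code, which this page does not show): the reflected pattern beside a validated and output-encoded one. The function names, the surrounding markup and the assumption that `personel_sira` is a small non-negative integer are hypothetical.

```php
<?php
// Added example, not com_qpersonel source. Assumption: personel_sira is a
// sort position, i.e. a small non-negative integer.

// Pattern the advisory describes: the request value is reflected verbatim.
function render_unsafe(array $query): string
{
    $sira = $query['personel_sira'] ?? '';
    return '<input type="hidden" name="personel_sira" value="' . $sira . '">';
}

// Input validation: accept only what the parameter can legitimately be.
function validate_sira($raw, int $max = 1000): ?int
{
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,4}\z/', $raw)) {
        return null; // arrays, empty strings, signs, markup: all rejected
    }
    $n = (int) $raw;
    return $n <= $max ? $n : null;
}

// Output encoding is still applied to validated data, as a second layer.
function render_safe(array $query): string
{
    $sira = validate_sira($query['personel_sira'] ?? null) ?? 0; // default order
    $attr = htmlspecialchars((string) $sira, ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="personel_sira" value="' . $attr . '">';
}

// Constructed sample inputs; the second is harmless markup that closes the
// attribute early, which is what the unsafe version lets through.
$samples = ['3', '"><b>injected</b>', '3 OR 1', ['3']];
foreach ($samples as $s) {
    $q = ['personel_sira' => $s];
    echo json_encode($s), "\n";
    echo '  unsafe: ', is_string($s) ? render_unsafe($q) : '(array input)', "\n";
    echo '  safe:   ', render_safe($q), "\n";
}
```

In a Joomla 1.5 component, the framework's `JRequest::getInt('personel_sira', 0)` gives the same integer cast; the `htmlspecialchars()` call is still needed wherever a request value is written into HTML.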

Exploit-DB raw data:

< ------------------- header data start ------------------- >

###########################################################################
Joomla Component com_qpersonel Cross Site Scripting Vulnerabilities
###########################################################################

# Author : Pyske


# Greetz : Fl0riX , M-K-A , F0RTS3V3N , 3KB3R ,BARCOD3 and ALL Cyber-Warrior


# Name : com_qpersonel


# Bug Type : Cross Site Scripting


# Infection : Administrator and user cookies can be stolen.


# Bug Fix Advice : Malicious characters should be filtered.


# Demo Vuln. : http://server/j15x/index.php?option=com_qpersonel&task=sirala&personel_sira=[XSS CODE]




#############################################################

< ------------------- header data end of ------------------- >


< -- bug code start -- >


">


< -- bug code end of -- >