Joomla EasyBlog Persistent XSS Vulnerability

vendor:

EasyBlog

by:

Sid3^effects aKa HaRi

9,3

CVSS

HIGH

Persistent XSS

CWE

Product Name: EasyBlog

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: a:stackideas:easyblog

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Joomla EasyBlog Persistent XSS Vulnerability

This vulnerability exists in the comments section. An attacker can submit an evil XSS script in the comment section, which will be executed when the page is loaded.

Mitigation:

Input validation should be used to prevent XSS attacks.

Source

Exploit-DB raw data:

Name :  Joomla EasyBlog Persistent XSS Vulnerability
Date : july 12,2010
Critical Level 	: HIGH
vendor URL :http://stackideas.com/products/easyblog.html
Author : Sid3^effects aKa HaRi 
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz 
#######################################################################################################
Description 
Publishing your blog in Joomla!-based website has never been easier with EasyBlog. Comes with built-in social integrations with Twitter, Facebook Share and Google Buzz, you never, ever have to manually notify your followers for your new blog entries.
#######################################################################################################
Xploit: Persistent XSS Vulnerability

This vulnerability exists in the comments section.

1. Goto any post and submit your evil xss script in the comment section :P  

Attack Pattern:">><marquee><h1>XSS3d by Sid3^effects</h1><marquee> 

DEMO URL : http://<site>/easyblog/entry/uncategorized/2010/07/09/testing-umlaut-charaters.html