Joomla Plugin Easydiscuss - exploit.company

vendor:

Easydiscuss

by:

Mattia Furlani

5.4

CVSS

MEDIUM

Persistent XSS

CWE

Product Name: Easydiscuss

Affected Version From: All versions up to 4.0.20

Affected Version To: 4.0.20

Patch Exists: YES

Related CWE: CVE-2018-5263

CPE: a:stackideas:easydiscuss

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Webapps

2018

Joomla Plugin Easydiscuss <4.0.21 Persistent XSS in Edit Message

Whenever a user edits a message with <extarea> inside the body, everything after the <extarea> will be executed in the user’s browser. Works with every version up to 4.0.20

Mitigation:

Update to version 4.0.21

Source

Exploit-DB raw data:

# Exploit Title: Joomla Plugin Easydiscuss <4.0.21 Persistent XSS in Edit Message
# Date: 06-01-2018
# Software Link: https://stackideas.com/easydiscuss
# Exploit Author: Mattia Furlani
# CVE: CVE-2018-5263
# Category: webapps

1. Description

Whenever a user edits a message with <\textarea> inside the body, everything after the <\textarea> will be executed in the user’s browser. Works with every version up to 4.0.20


2. Proof of Concept

Login with permissions to post a message, insert <\textarea> in the body and add any html code after that, whenever a user tries to edit that message the code writed after you closed the textarea will be executed


3. Solution:

Update to version 4.0.21
https://stackideas.com/blog/easydiscuss4021-update