Joomla core <= 3.1.5 reflected XSS vulnerability

Board: Bugtraq. Posted: 2013/08/05 19:01.
============================================================
- Original release date: August 05, 2013
- Discovered by: Emilio Pinna (Application Security Analyst at Abinsula)
- Contact: (emilio (dot) pinn (at) gmail (dot) com)
- Severity: 4.3/10 (Base CVSS Score)
============================================================

VULNERABILITY
-------------------------
The Joomla core package <= 3.1.5 includes a PHP script that suffers from a reflected XSS vulnerability. It allows an attacker to inject HTML and malicious scripts that can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site.

Joomla is one of the most widely installed CMSs, with tens of millions of installations.

DESCRIPTION
-------------------------
The affected file, libraries/idna_convert/example.php, has several injection points:

- Unsanitized lang parameter on line 24
- Unsanitized file name printing on lines 112 and 119

PROOF OF CONCEPT
-------------------------
Article ID (AID): #1H_uNkqj (Bugtraq)
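The bug class the advisory describes, as an added example that is not code from Joomla or from the advisory: a request parameter and a request-derived file name written into HTML attributes, shown unencoded and then in a hardened form. The function names, the `$languages` allow-list and the sample inputs are assumptions; the actual contents of example.php are not reproduced here.

```php
<?php
// Added illustration; not the contents of libraries/idna_convert/example.php.
// All function names and sample values here are hypothetical.

// Pattern the advisory describes: request data copied into HTML unencoded.
function render_unsafe(string $lang, string $file): string
{
    return '<form action="' . $file . '">'
         . '<input type="hidden" name="lang" value="' . $lang . '">'
         . '</form>';
}

// Encode a value for an HTML attribute context, whatever it contains.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened form: allow-list the language code, encode everything on output.
function render_safe(string $lang, string $file, array $languages = ['en', 'de']): string
{
    if (!in_array($lang, $languages, true)) {
        $lang = $languages[0];   // unknown value: fall back to the default
    }
    return '<form action="' . h($file) . '">'
         . '<input type="hidden" name="lang" value="' . h($lang) . '">'
         . '</form>';
}

// Constructed inputs: inert markup that closes the attribute it lands in.
$lang = 'en"><i>injected</i>';
$file = 'example.php/"><i>injected</i>';

echo render_unsafe($lang, $file), "\n";   // markup breaks out of both attributes
echo render_safe($lang, $file), "\n";     // file name stays encoded; lang falls back to "en"
```

For a sample script that production sites do not need, removing it from the web root removes the exposure regardless of how its output is encoded.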