Joomla! 'com_grid' Component Multiple Cross-Site Scripting Vulnerabilities
Info
| Bugtraq ID: | 39854 |
| Class: | Input Validation Error |
| CVE: | CVE-2010-1746 |
| Remote: | Yes |
| Local: | No |
| Published: | May 01 2010 12:00AM |
| Updated: | Apr 13 2015 09:02PM |
| Credit: | Valentin |
| Vulnerable: | Joomla com_grid 0 |
| Not Vulnerable: | |
Discussion
The Joomla! 'com_grid' component is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Exploit / POC
An attacker can exploit these issues by enticing an unsuspecting user to follow a malicious URI.
The following example URIs are available:
http://www.example.com/index.php?option=com_grid&gid=15_ok_0',%20'15_ok_0&data_search=[XSS]
http://www.example.com/index.php?option=com_grid&gid=15_ok_0',%20'15_ok_0?data_search=&rpp=[XSS]
Solution / Fix
Solution:
Updates are available; please see the references for more information.
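Until the component is updated, web server logs can be triaged for requests that target the two parameters named in the example URIs. The following is an added example, not part of the original advisory or of the component's code. It assumes Apache-style combined access logs and that `rpp` is normally a numeric paging value; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r"[<>\"']")  # triage heuristic, not a complete XSS filter

def grid_params(target):
    """Decoded query parameters of a com_grid request, or None for other requests."""
    _, _, query = target.partition("?")
    params = {}
    # The advisory's second example URI uses a stray '?' as a separator,
    # so split the query on both '&' and '?'.
    for pair in re.split(r"[&?]", query):
        name, _, value = pair.partition("=")
        params[unquote_plus(name)] = unquote_plus(value)
    return params if params.get("option") == "com_grid" else None

def review_reasons(target):
    """Reasons a com_grid request deserves review (empty list means none found)."""
    params = grid_params(target)
    if params is None:
        return []
    reasons = []
    rpp = params.get("rpp", "")
    # Assumption: rpp is a numeric paging value, so anything else is unexpected.
    if rpp and not re.fullmatch(r"[0-9]+", rpp):
        reasons.append("rpp is not an integer")
    if MARKUP.search(params.get("data_search", "")):
        reasons.append("data_search contains HTML metacharacters")
    return reasons

def scan(log_lines):
    """Return (line_number, reasons) for every log line that needs review."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        reasons = review_reasons(match.group(1)) if match else []
        if reasons:
            hits.append((number, reasons))
    return hits

# Constructed sample log lines (documentation addresses, harmless values).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/May/2010:10:00:00 +0000] "GET /index.php?option=com_grid&gid=15_ok_0&data_search=widgets&rpp=20 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/May/2010:10:00:05 +0000] "GET /index.php?option=com_grid&gid=15_ok_0&data_search=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5200',
    '203.0.113.9 - - [01/May/2010:10:00:09 +0000] "GET /index.php?option=com_grid&gid=15_ok_0?data_search=&rpp=%22%3E HTTP/1.1" 200 5200',
    '203.0.113.7 - - [01/May/2010:10:00:12 +0000] "GET /index.php?option=com_content&rpp=abc HTTP/1.1" 200 900',
]
```

Legitimate searches that contain quotes will also be flagged, so treat hits as candidates for review rather than confirmed attempts.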
References
References:
- Joomla! Homepage (Joomla)
- Tools JX Homepage (Tools JX)