Joomla! 1.6.3 and Prior Cross Site Scripting Vulnerability
BID:50634
Info
Joomla! 1.6.3 and Prior Cross Site Scripting Vulnerability
| Bugtraq ID: | 50634 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 10 2011 12:00AM |
| Updated: | Mar 19 2015 08:13AM |
| Credit: | Mesut Timur |
| Vulnerable: |
Joomla Joomla! 1.6.2 Joomla Joomla! 1.6.1 Joomla Joomla! 1.5.23 Joomla Joomla! 1.5.22 Joomla Joomla! 1.5.20 Joomla Joomla! 1.5.19 Joomla Joomla! 1.5.18 Joomla Joomla! 1.5.17 Joomla Joomla! 1.5.16 Joomla Joomla! 1.5.15 Joomla Joomla! 1.5.14 Joomla Joomla! 1.5.12 Joomla Joomla! 1.5.11 Joomla Joomla! 1.5.10 Joomla Joomla! 1.5.9 Joomla Joomla! 1.5.8 Joomla Joomla! 1.5.7 Joomla Joomla! 1.5.5 Joomla Joomla! 1.5.4 Joomla Joomla! 1.5.2 Joomla Joomla! 1.5.1 Joomla Joomla! 1.6.0 Joomla Joomla! 1.6 RC1 Joomla Joomla! 1.6 Beta9 Joomla Joomla! 1.6 Beta8 Joomla Joomla! 1.6 Beta7 Joomla Joomla! 1.6 Beta6 Joomla Joomla! 1.6 Beta5 Joomla Joomla! 1.6 Beta4 Joomla Joomla! 1.6 Beta3 Joomla Joomla! 1.6 Beta2 Joomla Joomla! 1.6 Beta15 Joomla Joomla! 1.6 Beta14 Joomla Joomla! 1.6 Beta13 Joomla Joomla! 1.6 Beta12 Joomla Joomla! 1.6 Beta11 Joomla Joomla! 1.6 Beta10 Joomla Joomla! 1.6 Beta1 Joomla Joomla! 1.6 Alpha2 Joomla Joomla! 1.6 Alpha Joomla Joomla! 1.5.6 Joomla Joomla! 1.5.3 Joomla Joomla! 1.5.22 Joomla Joomla! 1.5.21 Joomla Joomla! 1.5.15 Rc Joomla Joomla! 1.5.13 Joomla Joomla! 1.5.0 Joomla Joomla 1.6.3 Joomla Joomla 1.6 Joomla Joomla 1.5.24 Joomla Joomla 1.5.22 Joomla Joomla 1.5.21 Joomla Joomla 1.5.20 Joomla Joomla 1.5.19 Joomla Joomla 1.5.18 Joomla Joomla 1.5.17 Joomla Joomla 1.5.16 Joomla Joomla 1.5.15 Joomla Joomla 1.5.14 Joomla Joomla 1.5.13 Joomla Joomla 1.5.12 Joomla Joomla 1.5.11 Joomla Joomla 1.5.10 Joomla Joomla 1.5.9 Joomla Joomla 1.5.8 Joomla Joomla 1.5.7 Joomla Joomla 1.5.6 Joomla Joomla 1.5.5 Joomla Joomla 1.5.4 Joomla Joomla 1.5.3 Joomla Joomla 1.5.2 Joomla Joomla 1.5.1 Joomla Joomla 1.5 Joomla Joomla 1.5.0 Beta Joomla Joomla 1.5 RC3 Joomla Joomla 1.5 RC2 Joomla Joomla 1.5 RC1 Joomla Joomla 1.5 Beta 2 |
| Not Vulnerable: |
Joomla Joomla! 1.6.4 |
Discussion
Joomla! 1.6.3 and Prior Cross Site Scripting Vulnerability
Joomla! is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Joomla! 1.6.3 and prior are vulnerable.
Joomla! is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Joomla! 1.6.3 and prior are vulnerable.
Exploit / POC
Joomla! 1.6.3 and Prior Cross Site Scripting Vulnerability
Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
Solution / Fix
Joomla! 1.6.3 and Prior Cross Site Scripting Vulnerability
Solution:
Updates are available. Please see the references for details.
Solution:
Updates are available. Please see the references for details.
References
Joomla! 1.6.3 and Prior Cross Site Scripting Vulnerability
References:
References:
- Joomla Homepage (Joomla)
- XSS vulnerability in Joomla 1.6.3 (Mesut Timur)